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Abstract. Interrupt Timed Automata (ITA) form a subclass of stop¬ 
watch automata where reachability and some variants of timed model 
checking are decidable even in presence of parameters. They are well 
suited to model and analyze real-time operating systems. Here we ex¬ 
tend ITA with polynomial guards and updates, leading to the class of 
polynomial ITA (PolITA). We prove the decidability of the reachabil¬ 
ity and model checking of a timed version of CTL by an adaptation of 
the cylindrical decomposition method for the first-order theory of reals. 
Compared to previous approaches, our procedure handles parameters 
and clocks in a unified way. Moreover, we show that PolITA are in¬ 
comparable with stopwatch automata. Finally additional features are 
introduced while preserving decidability. 

1 Introduction 

Hybrid Automata. Hybrid systems |16| combine continuous evolution of variables 
according to flow functions (described by differential inclusions) in control nodes, 
and discrete jumps between these nodes, where the variables can be tested by 
guards and updated. This class of models is very expressive and all relevant ver¬ 
ification questions {e.g. reachability) are undecidable. For the last twenty years, 
a large amount of research was devoted to identifying subclasses with decidable 
properties, by restricting the continuous dynamics and/or the discrete behav¬ 
ior of the systems. Among these classes lie the well known Timed Automata 
(TA) [3], where all variables are clocks (with derivative i; = 1), guards are com¬ 
parisons of clocks with rational constants, and updates are resets. It is proved 
in m that reachability becomes undecidable when adding one stopwatch (with 
i = 1 or i = 0) to timed automata. Decidability results were also obtained for 
larger classes (see |5l2ll7l20l4] 'l. usually by building from the associated tran¬ 
sition system (with uncountable state space) a finite abstraction preserving a 
specific class of properties, like reachability or those expressed by temporal logic 
formulas. In all these abstractions, a state is a pair composed of a control node 
and a polyhedron of variable values. Examples of such classes include initial¬ 
ized rectangular automata |17j where x € [a, b] or o-minimal hybrid systems [20] 




where the flow is more general, for instance of the form x = Ax over K" for some 
matrix A. In both cases, the variables must be (possibly non deterministically) 
reinitialized at discrete jumps. 


Interrupt Timed Automata. The class of Interrupt Timed Automata (ITA), in¬ 
comparable with TA, was introduced in mni as another subclass of hybrid 
automata with a (time-abstract) bisimulation providing a finite quotient, thus 
leading to decidability of reachability and some variants of timed model check¬ 
ing. In a basic n-dimensional ITA, control nodes are organized along n levels, 
with n stopwatches (also called clocks hereafter), one per level. At a given level, 
the associated clock is active, while clocks from lower levels are frozen and clocks 
from higher levels are irrelevant. Guards are linear constraints and the clocks 
can be updated by linear expressions (using only clocks from lower levels). The 
particular hierarchical structure of ITA makes them particularly well suited for 
modeling systems with interruptions, like real-time operating systems. ITA were 
extended with parameters in [3] while preserving decidability by combining the 
finite abstraction of original ITA with a finite partition of parameter values. 


Contribution. We define the class PolITA, of polynomial ITA, where linear 
expressions on clocks are replaced by polynomials with rational coefficients both 
for guards and updates. For instance, a guard at level 2 with clock x^ can be of 
the form Pi{x\)x 2 + P 2 {xi) > 0, where Pi and P 2 are polynomials with single 
variable a:i, the clock of level 1. Thus, guards are more expressive than in the 
whole class of linear hybrid automata. Such guards can be useful for instance 
if some objects are produced at given levels, and operations on higher levels 
on these objects require polynomial-time computations w.r.t. the size of these 
objects. In addition, such guards can simulate irrational (algebraic) constraints, 
a case that becomes undecidable in the setting of timed automata [21]. 

We establish that model checking of a timed extension of CTL (which con¬ 
tains reachability) is decidable in 2EXPTIME for PolITA by adapting the 
cylindrical decomposition mm related to the first order theory of reals. This 
decomposition produces a finite partition of the state space, which is the basis 
for the construction of a finite bisimulation quotient. The first order theory of 
reals has already been used in several works on hybrid automata mm but it 
was restricted to the dynamical part, with discrete jumps that must reinitial¬ 
ize the variables (like in o-minimal hybrid systems). Our adaptation consists 
in an on-the-fly construction avoiding in the favorable cases to build the whole 
decomposition. 

Prom an expressiveness point of view, we show that (contrary to ITA) PolITA 
are incomparable with stopwatch automata (SWA). Finally, we prove that the 
decidability result still holds with several extensions: adding auxiliary clocks and 
parameters, and enriching the possible updates. In particular, parametric ITA [3] 
can be seen as a subclass of PolITA, and the complexity of our reachability 
algorithm is better than [g (2EXPSPACE). 







Outline. We describe the model of polynomial ITA in Sectionj^ with an example 
and the presentation of the model checking problem. In Section]^ we revisit and 
adapt in this context the cylindrical decomposition for the hrst theory of reals, 
with a special focus on the related algorithmic questions. The decision proce¬ 
dure for the model checking problem in PolITA is then presented in Section]^ 
with an example of the construction. Finally, we describe several extensions in 
Section [U and conclude in Section [H 

2 Polynomial ITA 

2.1 Definition 

Let N denote the set of natural numbers, Z the set of integers, Q the set of 
rationale, and M the set of real numbers, with ]R>o the set of non negative real 
numbers. 

Let X = {a:i,... ,Xn} be a finite set of n variables called clocks. We write 
Q[a;i,..., Xn] for the set of polynomials with n variables and rational coefficients. 
A polynomial constraint is a conjunction of constraints of the form P to 0 where 
P S Q[a;i,..., Xn] and oas {<, <, =, >, >}, and we denote by C(X) the set of 
polynomial constraints. We also define U(X), the set of polynomial updates over 
X as: 

U{X) = 1 /\x:=P, 

[x&X 

A valuation for A is a mapping v G sometimes also identified to the 
vector (v(xi),... ,v(xn)) G R"- The valuation where v{x) = 0 for all a; G A is 
denoted by 0. For P G Q[a;i,... ,a:„] and v a valuation, the value of P at a; is 
P{v) = P{v{xi ),..., v{xn)). A valuation v satisfies the constraint P ixi 0, written 
^ P CXI 0, if P{v) [XI 0. The notation is naturally extended to a polynomial 
constraint: v \= (p with = /\j P^ cxi^ 0 if z; |= Pi ixi^ 0 for every i. 

An update of valuation v hy u = := Px G U{X) is the valuation 

v[u] defined by v[u]{x) = Px(v) for every x G A. Hence an update is atomic in 
the sense that all variables are set at the same time: the new value of variables 
depend on the old values of v. 

For a valuation v and a delay d G R> 0 ) the valuation v' = v +k d, corre¬ 
sponding to time elapsing for clock x^, is defined by v'{xk) = v{xk) + d and 
v'{x) = v(x) for any other clock x. 

Definition 2.1 (PolITA). A polynomial interrupt timed automaton (PolITA) 
is a tuple A = (A, Q, qo, P, A, A, A), where: 

— S is a finite alphabet, 

— Q is a finite set of states, go is the initial state, F C Q is the set of final 

states, 

— X = {xi,... ,x„} consists of n interrupt clocks. 




— the mapping A : Q —)■ {1,..., n} associates with each state its level and Xx(^q) 
is called the active clock in state q. 

— Ac QxC{X)x{EU{e})xU{X)xQ is the set of transitions. Letq q' in 

A be a transition with k = X{q) and k' = X{q'). The guard (p is a conjunction 
of constraints P cxi 0 with P € Q[xi,..., Xk] (P is a polynomial over clocks 
from levels less than or equal to k). The update u is of the form Af^iXi := Ci 
with: 

• if k > k', i.e. the transition decreases the level, then for 1 < i < k\ 
Ci = Xi and for i > k', Ci = 0; 

• if k < k' then for 1 < i < k, Ci = Xi, Ck = P for P G Q[xi,..., Xk-i] 
or Ck = Xk, and for i > k, Ci = 0. 

Remark that although it is possible to compare an active clock in a non¬ 
polynomial way, e.g. X 2 > yCci (which can be translated as X 2 > Xi A Xi > 0 ), 
it cannot be updated in such a fashion. 

Example 2.2. PolITA Aq of Fig. [^has two levels, with q^ at level 1 and <71 and 
q 2 at level 2, with q 2 the single final state. At level 1, only Xi appears in guards 
and updates (here the only update is the resetting of xi by action a'), while at 
level 2 guards use polynomials in both xi and X 2 . 


( 2 x 1 - l)xl >1,6 



Fig. 1. A sample PolITA Aq. 


A configuration {q, v) consists of a state q oi A and a clock valuation v. 

Definition 2.3. The semantics of a PolITA A is defined by the (timed) tran¬ 
sition system Ta = (S', sq,— >■), where S = {{q,v) \ q G Q, v G is the set 

of configurations, with initial configuration sq = (qo,0). The relation -A on S 
consists of two types of steps: 

Time steps: Only the active elock in a .state can evolve, all other cloeks are 
frozen. For a state q with active clock x^g), a time step of duration d G K>o 

is defined by {q,v) {q,v') with v' = v +>( 13 ) d. A time step of duration 0 

leaves the system Ta T the same configuration. 

Discrete steps: There is a discrete step {q,v) {q',v') whenever there exists 

a transition q q' in A such that v \= p and v' = u[u]. 






An run of a PolITA A is a path in Ta- The trace of a run is the sequence 
of letters (or word) appearing in the path. The timed word is the sequence 
of letters along with the absolute time of the occurrence, i.e. the sum of all 
delays appearing before the letter. Given a subset F C Q oi final states, a run 
is accepting if it ends in a state of F. This defines the language (resp. timed 
language) as the set of traces (resp. timed words) of accepting runs. 

Example 2.4- The PolITA Ao can only take the transition from to qi before 
Xi reaches i.e. at the point where the red curve crosses the Xi axis on 

Fig.H Then, transition b from qi to q 2 can only be taken once X 2 reaches 
the grey areas. Transition c cannot however be taken once the green curve has 
been crossed. Hence the loop be can be taken as long as the clocks remain in 
the dark gray zone. In the sequel, we show how to symbolically compute these 
zones. Since q 2 is a final state, the run depicted in Fig. is accepted by A. The 
associated timed word is (a, 1.2)(6,2.3)(c, 2.6)(&, 3.3)(c, 3.9)(6, 5.1), and the trace 
is the word abebeb. 


X2 



Fig. 2. A trajectory of clocks of Ao in the 2-dimensional plane. 


2.2 Verification problems for PolITA 

Given a PolITA A, natural questions arise regarding its behavior. The most 
standard one is the reaehability problem which is the decision problem asking 
whether a given state can be reached from the initial configuration. This allows in 













particular to decide whether the timed language is nonempty, which is equivalent 
to testing the reachability of a final state. 

More elaborate queries regarding the behavior of a PolITA can be expressed 
through temporal logics like CTL [15122) or timed extensions of such logics like 
TCTL [TTTR| . Here we use a timed extension of CTL which allows to reason over 
the values of clocks of the PolITA. 

Let AP be a set of atomic propositions, we equip the states of A with a label¬ 
ing lab : Q —>■ 2^^ of propositions that hold in the given state. For convenience, 
we assume that Q C AP with for all q, q' £ Q, q' G lab{q) iS q = q'. 

Definition 2.5. Formulas of the timed logic TCTLint are defined by the follow¬ 
ing grammar: 


if ::= p \ if f\ tp \ |PixiO|A'^U'0| EtpUijj 

where p G AP, P is a polynomial of Q[xi,..., Xn], and ixis {>,>,=,<,<}. 

We use the classical shorthands Ep = traeUp, Gp = ^F^p, and boolean opera¬ 
tors. The reachability problem of a state q is simply the satisfaction of E Eq. 

The formulas of TCTLint are interpreted over configurations of A, hence the 
semantics of TCTLint is defined as follows on the transition system Ta associated 
with A. Let Run(s) denote all runs starting from configuration s = {q,v). For 

p = {q, v) (g, V +a(( 3 ) di) (g 2 , V 2 ) ■ ■ ■ G Run{s), a position in p is a pair 
TT = {i,S) where 1 < i and E) < 5 < di. The configuration corresponding to tt 
is Stt = +A(qi) iJ) (with qi = q and vi = v). We denote by <p the strict 

lexicographical order over positions of p. 

For basic formulas: 

s ^ p iff p G lab{s) 

s^PixiO iff u^PcxiO 

and inductively: 


s \= (fi Alp 

iff 

s \= p and s \= Ip 


S\=^lf 

iff 

s ^ p 


s \= A ipU Ip 

iff 

for all p G Run{s), p\= ip\d ip 


s 1= E(pU Ip 

iff 

there exists p G Run(s) s. t. p \= 

p\}ip 

with p\= Ip 

iff 

there is a position tt G p s. t. 

h V' 



and Vtt' <p tt, s,r' \= '*/’■ 



The automaton A satisfies ip (written A\= ip) A the initial configuration sq 
of Pa satisfies ip. The model checking problem asks, given A and ip, whether 

A\=ip. 

As mentioned in the introduction, an exhaustive traversal of the (uncount¬ 
able) transition system Pa is not possible, and the model checking algorithm 
relies on an abstraction of said transition system. This abstraction needs to be 
refined enough to capture both time elapsing and discrete jumps through the 
crossing of a transition. Namely, two configurations in the same abstraction class 
should reach the same successor classes when time elapses or when an update is 







applied. Moreover, the truth value of subformulas P cxi 0 should be invariant in 
each abstraction class. 

The previous works of mm on ITA built such an abstraction by relying on 
a set of expressions with rational coefficients. These expressions contained linear 
forms involved in guards and updates, along with the active clock of the level. 
Moreover, since the ordering of two expressions at a given level could rely on the 
value of lower-level clocks, some expressions were required at inferior levels. The 
classes were then defined as subsets of K" where the ordering of expressions was 
constant. 

In the sequel, we adapt the above process in the context of PolITA, where 
the constraints are polynomial rather than linear, and hence yield regions that 
are not polyhedra, but cells defined by a so called cylindrical decomposition. 

3 Cylindrical algebraic decomposition for first-order 
theory of reals 

Cylindrical algebraic decomposition is introduced by Collins in m for solving 
quantifier elimination problems of first-order formulas over the reals. The first 
algorithm for solving this problem was given by Tarski in |2dj but its complexity 
was non elementary recursive. Cylindrical algebraic decomposition is doubly ex¬ 
ponential in the number of variables and is now a popular technique for solving 
polynomial systems over the reals. Given a polynomial family, it essentially par- 
tionates the ambient space into cells which are homeomorphic to ] 0 , 1 [* over which 
the input is sign-invariant. These cells are also intrinsically arranged together 
with a nice cylindrical structure which we explain further. Later on, a procedure 
in EXPSPACE was established [7]. The best lower bound currently known for 
this problem is ST (a complexity class defined by machines with 
limited alternations and located between EXPTIME and EXPSPACE) and it 
already holds without the multiplication HU. 

We consider formulas that express properties of reals. There are inductively 
defined as follows. An arithmetic expression is: 

— either an integer constant, a variable; 

— or ei -|- 62 , Cl * 62 where ei and 62 are arithmetic expressions. 

A formula is: 

— a basic formula: e ^ 0 where {<, =} and e is an arithmetic expression; 

— or (fi A ip 2 , ^i\/ ^P 2 , 3xipi where ipi and ip 2 are formulas and x 

is a variable. 

A sentence is a formula without free variables. A sentence has a truth value when 
interpreted over K and we are looking for deciding the truth of a formula. 

For our purposes, we will adapt the cylindrical algebraic decomposition. So 
we develop in the section all the required machinery. Here we only describe the 
general principles and we explain how it can be used for deciding the truth of a 
formula. The first concept that we introduce is the one of cell. 




Definition 3.1. A cell of level n is a subset o/K" inductively defined as follows. 

— When n = 1, it is either a point or an open interval. 

— A cell C of level n + 1 is based on a cell C of level n. It has one of the 
following shapes. 

1. C = {(a;, f{x)) I X G C'} with f a continuous function from C to K; 

2. C = {{x,y) I a; S C" A l{x) < y < ■u(a:)} with I < u continuous functions 
from C to K, possibly with I = —oo and/or u = +oo. 

By convention the single cell of level 0 is . 

Let V = {Vi]i<i<n be a family of subsets of polynomials such that for all 
P G Vi, P G By convention, we extend V with Vq = 0. The 

second concept that we introduce is the sign invariance of a cell w.r.t. V. 

Definition 3.2. Let V = {Vi}i<n. A cell C of level i is V-invariant if: 

— For all j < i, for all P G Vj, for all x,y G C sign{P(x)) = sign{P{y)). 

— When i < n, 

1. either C x M js V-invariant; 

2. or there exists /i < • ■ • < /r continuous functions from C to M. such that 
all the following cells are V-invariant: 

• for all 1 < i < r, {(x, f/x)) \ x G C}; 

• for all 0 < i < r, {{x,y) | a; G C A f/x) < y < fi+i{x)} with the 
convention that fo = —oo and = +oo. 

Observe that is 7^-invariant, and that one can inductively define a tree of 
7^-invariant cells as follows. 

— The root of the tree is 

— Let C be a P-invariant cell of level i < n belonging to the tree. Then de¬ 
pending on the kind of invariance, 

1 . either C has a single child C x K; 

2. or for some r G N\{0}, C has 2r-|-l ordered children {(a:, y) \ x G CAy < 
/i(a;)}, {ix,fi{x)) I a: G C}, {ix,y) | x G C A fi{x) < y < f 2 ix)}, ... , 
{(x,y) I X G C A y > /^(x)}. 

This tree is also called a cylindrical decomposition. 

Example 3.3 m)- Consider the single polynomial Ps = -j-X^+X^ — 1, with 

Ps = 0 representing a sphere of radius 1 in as shown in Fig. At level 1, K 
is partitioned into 5 cells: 

C_oo =]-oo,-l[ C _1 = {-1} Co =]-!,![ 

Cl = {1} C+oo =]1, +oo[ 

At level 2, is partitioned above the previous cells. There is a single cell 
C_oo X K above C_oo (and similarly C+oo x K above C+oo). Above C_i are 
three cells, its children in the tree: 


{-l}x] - oo,0[ 


{(-1,0)} 


{-l}x]0, -l-oo[ 


Fig. 3. Cylindrical decomposition of a sphere. 


The cells above Ci are similar. 


And above Cq are 5 cells: the interior of the disc Co.o, its lower and upper 
edges Co,-i and (7o,i and the exterior of the circle (the lower and upper parts) 
^ 0 ,—oo and C^o.+cjo- 


Co.i 


( —1 < Xi < I 

\a:2 = y/1 - xl 


a 


0,+c>o 


— 1 < Xi < 1 

X2 > a/I - x\ 


C’o.o : 



Co,-l 


— 1 < Xi < 1 

X2 = --/l - xl 


— 1 < Xl < 1 
X2 < - a /1 - xl 


1 < Xl <1 

yjl- x\ <X2 < \J\- x\ 











At level 3, cell C^-i is further lifted in three cells where Co,-i,o is half the 
equator circle of the sphere: 


{ —1 < Xi < 1 

X2 = -a/I - xf 

X3 < 0 


{ —1 < Xi < 1 

X2 = -a/I - xl 

X3 = 0 


{ —1 < Xl < 1 
X2 = - v^l - Xl 
X3 > 0 

And Co^o is lifted into 5 cells: below (and above) the inferior (resp. superior) half 
of the sphere, said inferior (resp. superior) half, and the interior of the sphere. 
These cells are determined by two functions /i(xi,X 2 ) = —— Xi — x^ and 
/2(X1,X2) = a /1 - xf - x|. 


Algorithm 1: Checking the truth of a formula 
Data: A cylindrical decomposition having parameter C as an element. 
Check(^, i, C,S): a boolean 

Input: ip, a prenex sentence with n variables, C, a "P-invariant cell of level i 
Input: S, a set of pairs of polynomials and signs 
Output: the truth value of ip 
Data: j, k, some indices 

// The expression sign{P(C)) uses the sign invariance of C 
S^SU {{P, sign{P{C)) | P e P,} 

// When i = n, all atomic formulas of ip are determined by <S 
if i = 11 then return iliiS) 

// Let Cl,. . . ,Ck be the children of C 
if Qi+i = 3 then 

for j from 1 to fc do 

I if Check((p, i + 1, Cj,S) then return true 
end 

return false 
else 

for j from 1 to fc do 

I if ^Check(<p,i + l,Cj,<S) then return false 
end 

return true 
end 


Let us explain how a cylindrical decomposition is useful for first-order theory 
of reals. Any sentence can be transformed into an equivalent prenex formula 
(p = QiXi ... QnXn4’ such that Qi € {V, 3} and ip is a quantifier free formula that 
checks signs of polynomials evaluated on some of the x^’s. Thus by syntactical 






examination, we first build the family V from the polynomials occurring in iIj. 
Assume that we produce a cylindrical decomposition for V. Then Algorithm [l] 
solves the decision problem with the call Check((^, 0, 0). The correctness of 

the algorithm is proved by (1) the sign invariance of the cells, (2) the partition 
of C X M between the children of a cell C and (3) a backward inductive property: 
given a cell C of level i, the truth of Qi+iXi+i ... QnXn^’ does not depend on the 
point (xi, ... ,Xi) G C. 


The section is organized as follows. In subsection |3.1| we develop algorithms 
for rings with some additional assumptions that depend on the algorithms (also 
presented in 0 )- The main hypothesis is that we consider subrings of K for which 
there is a decision procedure for evaluation of the sign of an item. In Subsec¬ 
tion 3.2 we introduce triangular systems which are representations of algebraic 
reals and domains of K and we establish that they are sign-effective. Subsec¬ 
tion [3^ is devoted to the building of a cylindrical decomposition. It consists in 
two stages: the elimination stage that enlarges V and the lifting stage that builds 
the cylindrical decomposition. In this decomposition a cell is represented by an 
algebraic real (i.e. a triangular system) belonging to it. 


3.1 Algorithms in sign-effective subrings of reals 

Preliminary remarks. Let us denote by A a domain he., a ring with no di¬ 
visors of zero. Fa denotes the field of fractions of A. Whenever we will describe 
algorithms involving a domain A, we assume a representation of an item of A. 
For instance, the representation of | G Q could be the pair of integers (p, q). We 
do not require that the representation is unique but that the following opera¬ 
tions are effective: addition, multiplication and zero-test. We denote multiplica¬ 
tion and addition as usual. The function that performs the zero-test is denoted 
Null (A, d) with d, a representation of some item of A. 

The goal of this section is to exhibit some problems that can be solved in 
A[Ar] (for ACM) when, in addition to the previous operations, the sign of an 
element of A can be determined. The sign is defined by sign{0) = 0 and for 
X G A \ {0}, sign(x) = 1 if x > 0, sign{x) = — 1 if x < 0. The function that 
computes the sign is denoted Sign(A, d) with d, a representation of some item 
of A. Since the procedures we describe may depend on additional properties like 
this one, we will indicate which properties are assumed for the algorithms. 
Notations. The sign of a permutation that reverts the order of i items is denoted 
by Si = (—1) * 2 *. We denote by Rem the remainder of the Euclidean division 
in A[A]: for polynomials P,Q G A[A] with respective degrees p, q, Rem{P, Q) G 
Fa[A] is the unique polynomial of degree less than q such that there exists 
C G Fa[A] with P — QC + Rem{P, Q). 

Computing the degree of a gcd. We start with a characterization of the degree 
of the gcd of two polynomials that holds in any domain. The interest of this 
characterization is that it only involves whether some determinants in A are 
null and thus can be computed by additions, multiplications and zero-tests. 
Furthermore, subresultants will also be useful later on. 




Definition 3.4 (Sylvester-Habicht matrices and subresultants). Let A 

be a domain. Let P,Qg A[X] with P = Q = sueh 

that Op ^ 0, bq 0 and q < p. Then the Sylvester-Habicht matrix of order j for 
0 < j < min(p — 1, q) is the {p + q — 2j) x (p + q — j) matrix SyHoj {P, Q) whose 
rows are X‘^~^~^P,..., P,Q,..., XP~^~^Q considered as vectors with respect to 
the basis XP+‘i-^-^,..., X,l. 

The j-th subresultant denoted sReSj{P, Q) is the determinant of the square ma¬ 
trix SyHajj{P, Q) obtained by taking the first p-\-q—2j columns of SyHaj{P, Q). 
When q < p, this definition is extended for q < j < P by: sReSp{P, Q) = Gp, and 
sReSj{P, Q) = 0 for q < j < p — 1. 

Remark 3.5. Observe that when q < p, SyHaq{P, Q) consists of Q,..., XP~'^~^Q 
(without any occurrence of P). Hence sReSq {P, Q) is the determinant of a matrix 
obtained by reverting the rows of bqLdp-q, which yields sReSq{P, Q) = ep-qbP~‘^. 

Example 3.6. Consider polynomials P = aX'^ — 1 and Q = X -\- (3, obtained 
from the PolITA of Fig. when the value of Xi has been fixed. By definition, 
we have sRes 2 {P, Q) = a, and by the above remark, sResi{P, Q) = 1. Precisely 
SyHai{P,Q) is the one row matrix (l,/3) and SyHai^i{P,Q) = (1). For j = 0, 
one must compute the determinant of the matrix whose rows are P,Q,XQ, 
namely 



whose determinant is 1 — a/3^. 

Proposition 3.7. Let A be a domain and P,Q G A[A] with P = J2i<p o,nd 
Q = J2i<q such that Op ^ 0, bq 0 and q < p. Let 0 < j < min(p — l,q). 
Then deg(gcd{P, Q)) = j if and only if sReso{P, Q) = ■ ■ ■ = sReSj-i{P, Q) = 0 
and sReSj(P, Q) 0. Consequently when p = q, deg{gcd{P, Q)) = p if and only 
if sReso{P, Q) = ■ ■ ■ = sReSp-i{P, Q) = 0. 

Proof. Observe that sResj (P, Q) = 0 if and only if there is a non trivially null 
linear combination of polynomials aq-j-iX'^~3~^P + • • • + aoP + f3oQ + ■ ■ • + 
l3p-j-iXP~3~^Q of degree strictly less than j. This is equivalent to the existence 
of two non null polynomials U = J2i<q-j-i and V = J2i<p-j-i PiX^ such 
that degfUP -\-VQ)< j. 

We claim that sReso{P, Q) = ■ ■ ■ = sReSj-i{P, Q) = 0 if, and only if, it is the 
case that deg{gcd{P,Q)) > j, which will yield the desired conclusion. Assume 
that deg{gcd{P,Q)) > j which is equivalent to deg{lcm{P,Q)) <P + q — j which 
is equivalent to the existence of polynomials U, V with deg{U) < q — j, deg{V) < 
p — j and UP = —VQ. Our previous observation implies that sReso{P,Q) = 
• • • = sReSj-i{P,Q) = 0. 

The reverse implication is established by induction on j. When sReso{P, Q) = 0, 
the existence of U and V such that UP-\-VQ = 0 with deg{U) < q and deg{V) < 
p implies deg{gcd{P,Q)) > 1. When sReso{P,Q) = ••• = sResj{P,Q) = 0, 


the inductive hypothesis applied to j — 1 implies deg(gcd(P,Q)) > j. From 
sResj{P, Q) = 0, we again obtain U, V such that with deg{U) < q — j, deg{V) < 
p — j and deg{UP + VQ) < j. Since gcd{P, Q) divides UP + VQ this implies that 
UP+VQ = 0 and so deg{lcm{P, Q)) < p+q—j and finally deg{gcd{P, Q)) > j+1. 

□ 

Due to the importance of the subresultant notion, we want a way to com¬ 
pute them efficiently. To this aim, we introduce the “polynomial” matrices and 
determinants. Let us introduce additional notations. 

Definition 3.8. Let Pi,..., Pm be polynomials in A[X]of degrees less than n 
with m < n and Pi = ■ Then pmatn{Pi, ■ ■ ■ ,Pm) is the m x m 

matrix whose items are defined by: 

- For all i < m, j < m, pmat„(Pi,..., Pm)[i,j] = Pi,n-j- 

— For all i <m, pmatn{Pi, ■ ■ ■, Pm)[i, Tn] = Pi. 

Additionally, let pdetn{Pi, ■ ■ ■, Pm) = det{pmatn{Pi, ■ ■ ■, Pm))- 

Otherwise stated, the tth row of matrix pmatn{Pi, ■ ■ ■, Pm) consists of coeffi¬ 
cients of Pi in descending order down to n — m -I- 1 ended by polynomial Pi 
itself. 

Definition 3.9. Consider P,Q polynomials with respective degrees p > q. We 
define, for 0 < j < p, 

- for0<j< q, sResPjiP, Q)pdetp+q-fiX‘i-^-^P ,..., P, Q,..., XP-^-^Q), 
that is det{SyHaPj{P,Q)), where 

SyHaPfiP, Q) = pmatp+q-fiX^-^-^P ,..., P, Q,..., XP-i-^Q). 

— for q < j < p — 1, sResPj{P, Q) = 0; 

— for j = p — 1, sResPj{P,Q) = Q (which is consistent with the original 
definition in case q = p — 1); 

- for j = p, sResPj{P, Q) = P. 

From the above definition, one can straightforwardly see: 

Proposition 3.10. sResPj{P,Q) is a polynomial of degree at most j and the 
coefficient of degree j of this polynomial is sResj{P, Q). 

Additional assumption. We assume here that the integral division is effective 
in A: given a,b G A, there is an algorithm that answers whether there exists 
c € A with a = be and returns c in the positive case. This is the case in particular 
in any ring over Z[Xi ,.. .,Xk] = 1[Xi] ■ ■ ■ [Xk-i][Xk] or Q[Ai,.. .,Xk] where 
the algorithm consists in trying to perform a (recursive) Euclidean division, 
stopping and answering negatively when a coefficient of the quotient is not in 
the corresponding ring or there is a non null remainder. We denote the integral 
division by the usual fraction symbol since we will only use it when the result is 
defined. 



Algorithm 2: Computing the subresultants for P, Q. 


Subresultants(A, P,p, Q, g): a vector 

Input: P, Q, non null polynomials in A[A] with respective degrees p > q 
Output: the vector of subresultants {sResi{P,Q))o<i<p 
Data: SresP a vector over A[X] indexed by [0,p] 

Data: s,t vectors over A indexed by [0,p]; some indices 

SresP[p] -s— P; s[p] -s— 1; t[p] -s— 1; SresP[p — 1] -s— Q; t[p — 1] Q[q\ 
if q = p — 1 then s[p — 1] t[p — 1] else s[p — 1] 0 

for £ from g + 1 to p — 2 do s\£\ 0 

SresP\q] ^ ep-qt[p - t\q] SresP[q][q]; s[g] ^ t[q] 

i ^p + 1; j 

while Degree(A, SresP[j — 1]) ^ —oo do 

k c— Degree(A, SresP[j — 1]); t[j — 1] SresP[j — l][fc] 

if k = j — 1 then s[j — 1] <— t[j — 1] 

else 

for I from fc + 1 to ji — 1 do s[£] 0 

m ^ - 1]; s[k] ^ t[k] 

SresP[k] ^ 

end 

SresP[fc — 1] --Rem(t[j-l]a[fc]afleaP[i-l],3flesP[j-l]) , ^ j ^ 

end 

for £ from 0 to j — 2 do s\£\ 0 

return a 




——l]s[fc]si?esP[i —l],sHesP[j —1]) 

dilhi-i] ’ * ' 




Our goal is to compute sResj {P, Q) by decreasing values of j and only relying 
on Euclidean divisions that remain in A[X]. For sake of clarity, we denote Sj = 
sReSj (P, Q) and tj the leading coefficient of sResPj (P, Q) except for Sp = tp = 1. 
When sResPj{P, Q) has degree j, we have sj = tj. Developing the last column 
w.r.t. the degrees of X and observing that for degrees > j the corresponding 
vector of reals already occurs in a former column, we can safely substitute to 
the polynomials their truncation up to degree j. Then it is immediate that 
sResPj{P, Q) = 0 iff there exist polynomials U, V with deg{U) < q—j, deg{V) < 
p — j and UP + VQ = 0. As a consequence, for all j' < j, sResPjt{P, Q) = 0. 

The next proposition is the basis of Algorithm for the efficient computa¬ 
tion of subresultants. As can be deduced from this proposition, the computation 
consists in taking successive remainders of Euclidean divisions (up to some con¬ 
stant) in order to get sResPi--i{P,Q) and then some scalar multiplications and 
divisions to get sResPi.^^(P,Q). Function Degree returns the degree of a poly¬ 
nomial in N U {—oo} by looking at the first non null coefficient (using Null 
function). 


Proposition 3.11. Let P, Q he non null polynomials o/A[A] withp = deg{P) > 
deg{Q) = q. There exists a sequence of strictly decreasing indices 
with ii = p + I, i 2 = p, is = q that fulfills the following properties: 


— for all ^ < j < J, sResPi.{P,Q) has degree ij (and so Si. = ti.), for all 
j < J, sResPi.-i{P,Q) has degree ij+i and ifij > 0 then for all k < ij, 
sResPk{P,Q) — 0 and sResPij_j^-i{P,Q) = gcd{P,Q); 

— for all j < J, when ij — l > ij+i, for all ij+i < k < ij — 1, sResPk{P, Q) = 0 
and ti.-isResPi-^^{P,Q) = Si.^^sResPi.-i{P,Q) with 

— for all 1 < j < J, Si.U^_^-isResPi._^^-i{P,Q) = 
-Rem{si.^Ji-_isResPi._^_i{P,Q),sResPi._i{P,Q)). 


Substituting in the equation of the third item sPesPq_j_i(P, Q) by 

sResPi- (P, Q) (justified by the equation of the second item) and then 


multiplying by ^ ^ one also obtains: 

sf^sPesPi^.^j_i(P, Q) = -Rem{si.^^ti._isResPi.{P,Q),sResPi. 


i{P,Q))- 


Proof. Let R = Rem{P,Q). Let us look at SyHaPj{P,Q) for j < q — 1. Write 
C = '^i<p-qCiX^ (the quotient of Euclidean division of P by Q). We have 
R = P—^iCp_q CiX^Q. Due to this equality, changing the rows X’i~^~^P,... ,P 
by X'^~^~^R,... ,R does not modify the determinant sResPj{P, Q). We define 
the determinant Dj of the matrix obtained by reverting the order of the rows 
and replacing R by —R. The first operation amounts to multiplying by ep+g_ 2 j 
and the second one by (—1)'^“-^. Since ep+g_ 2 j(—1)'^“-^ = £p-q, we have: 

Dj = ep-qsResPj{P, Q). 

We first prove the properties related to indexes between p and q — 1. Let us 
look at the second item. For the first part by convention for all g < j < p — 1, 





sResPj{P,Q) = 0. The second part of the second item corresponds to the case 
j = 2 with Sp = Op, tp-i = Sq = bq. So the equation can be written as: 

bP-<i 

bqSResPq{P, Q) = SqQ with Sq = Ep-q ^p_q_i 
which is equivalent to: 

sResPq{P,Q) = Ep-qhP-'i-^Q. 

Since sResPq{P,Q) = pdetp{Q,... the result is immediate. Let us 

look at the third item: Dq_i = —bP~‘^~^^R. So 

sResPq-i{P,Q) = —Rem{ep-qbP~'^'^^P,Q). 

By convention, Sp = tp = 1, sResPp{P,Q) = P and sResPp-i{P,Q) = Q im¬ 
plying tp_i = bq. Furthermore we have shown that Sq = £p-qbP~'^. Substituting 
in the previous equation establishes the third item. 

We prove the remaining properties by induction on J. Let R = Rem{P, Q) = 0 
which implies that Q = gcd{P,Q) and sResPq-i{P,Q) = 0. So the base case 
(J = 3) is established. 

Let R = Rem{P, Q) ^ 0. Let r be the degree of R, we claim that: 

Vj < q — 1 sResPj{P, Q) = £p-qbP~'^sResPj{Q, —R) (1) 

When j < r = deg{R), Dj can be obtained starting from SyP[aPj{Q,—R) by 
adding the rows XP~^~^Q, ..., X^~^Q and taking the determinant. Thus Dj = 
bP~''sResPj{Q, —R) and so sResPj{P, Q) = bP~^£p_qsResPj{Q, —R). When r < 
j < q — 1 by definition sResPj{Q, —R) = 0 but sResPj{P,Q) = Dj = 0 since 
the polynomial matrix pmatp+q-j{XP~^~^Q,... ,Q, X'^~^~^R,... ,R) is upper 
triangular up to its p — j + 1*^ column and since the degree X'^~^~^R is less 
than q — 1, the diagonal term of this column is null. 

Due to this proportionality between sResPj{P, Q) and sResPj{Q, —R) with 
factor ep-qbP~'^ and the inductive hypothesis, it only remains to prove that the 
two following equalities hold: 


Sqtp-isResPj.-i{P,Q) = —Rem{srtq-isResPp-i{P,Q),sResPq-i{P,Q)) ( 2 ) 


and 


Sr — £n—r 


(tg-l)'' 




(3) 


For Equation ([^, using the inductive hypothesis for the pair {Q,—R), the 
following equation holds: 


s'^ sResPr-i{Q,—R) = —Rem{s'j.t'q_isResPq{Q,—R),sResPq-i{Q,—R)) 

where the primed version of Si and ti are related to the pair (Q,—R). By con¬ 
vention, Sg = 1. So: 


Sqtp — \sRcsPj .—— ^qip —i^p— sResPj. —1(15, R') 




= {ep.qbP-‘>){bg)ep.gbP-^sResPr-i{Q,-R) 

= -Rem{{ep-qbP~'^s'^){ep-qbP~‘>+^tg_-f^)sResPq{Q, -R), sResPq-i{Q, -R)). 

Observe that the factor of proportionality established above implies that 
= ep-qbP~'^'^^s'^. 

Since sResPq-i{P,Q) = —ep-qbP~‘^~^^R and sResPq-i{Q,—R) = —R, one ob¬ 
tains tq-i = ep-qbP~‘^~^^. So: 

Sqtp-isResPr-i{P,Q) = —Rem{srtq-isResPq{Q,—R),sResPq-i{Q,—R)) 

= —Rem{srtq-iQ,—R) = —Rem(srtq-iQ,—ep-qb^~'^'^^R) 

= —Rem(srtq-isResPp-i{P, Q), sResPq-i{P, Q)) 

For Equation let us look at the following matrices. 


(bq 

bq-1 ■ 

.... AP-9-ig\ 


(bq 

bq-l ■ 

.... XP-<1Q \ 

0 

bq . 

.... XP-‘1-^Q 


0 

bq . 

.... XP-^-^Q 

0 

0 . 

. bq XQ 


0 

0 . 

■ bq Q 

VO 

0 . 

. 0 Q ) 


^0 

0 . 

.0 -R ) 


The left matrix that we define Dq has been obtained by reverting the p — q 
rows of SyHaPq{P,Q). So its determinant is equal to ep-qsResPq{P,Q). The 
right matrix is Dq_i. As we have already seen, its determinant is equal to 
ep-qsResPq-i{P, Q). Denoting —R = J 2 i<r is now obvious that bqUr = 

As a consequence, we obtain that: 

Sg 

sResPq_i{P,Q) = -ep_qbP^-'^+^R ( 4 ) 

Let us look at the following matrices. 


6,-1 . xp-’-^Q \ 

0 6, . xp-’-^Q 


0 0 ... 6,. Q 

0 0...00 0...0 -R 
0 0 ... 0 . . . OLr -XR 


0 0 . 0 ar . 

Vo 0 . ar-i . -X't-’-^R/ 


/6, 6,-1. XP-’-iQ \ 

0 bg . XP-'-^Q 


0 0 ... 6,. Q 

0 0 . 0(r Qr-l. —X^~^~^R 

0 0 . 0 a,. . -Xi-'—^R 


0 0 ... 0 ... ar -XR 

Vo 0...00 0 ...0 -R ) 


The left matrix is Dr and the right matrix has been obtained by reverting 
its last q — r columns. So the determinant of the latter matrix is proportional 
to the determinant of the former with factor Sq-r- On the other hand, the de¬ 
terminant of the right matrix is equal to the determinant of Dj-i multiplied by 
[bqarY~''~^■ Combining the different equalities, we obtain that: sReSr{P,Q) = 

eq-r{-^)'^~^~^sReSq-i{P,Q) and consequently Sr = tr = Sq-r q-~r-i - 

*9 Sg 

This concludes the proof. □ 



































Computing sign realizations at roots of a polynomial 


Now we consider the special case of A = D, D being a sign-effective subring 
of K. The main ingredient for analyzing real roots of a univariate polynomial is 
the Cauchy index. We denote by Zer{P) = {z G M | P{z) = 0}, mult{P, z) = 
max{n | {X — z)"|P} and Pole{Q/P) = {z € K | mult{Q,z) < mult{P, z)}. 
For z in Pole{Q/P), remark that Q/P{w) goes to -foo or —oo as w tends to z 
on the right (respectively on the left), therefore the sign oi Q/P keeps constant 
sufficiently close on the right (respectively on the left) of z. 


Definition 3.12. Let P,Q G D[Ar]. Then the Cauchy index of Q/P is defined 
by: 

Ind{Q/P) = \ Y.z&Poie(Q/p) sign{{Q/P){z+)) - sign{{Q/P){z-)) 
where sign{{Q/P){z'^)) and sign{{Q/P){z~))) denote respectively the sign of the 
rational function Q/P at the right and at the left of z. 


For z G Pole{Q/P), the value sign{{Q/P){z'^)) — sign{{Q/P){z~)) in {—2,0, 2} 
depends on the parity of the difference fip — PQ of respective multiplicities of z 
as root of P and Q, when pLp > ytQ (and ytQ = 0 if z is not a root of Q). 


Example 3.13. Recall polynomials P = aX'^ — 1 and Q = X + fi oi example 3.6 
Let us compute the Cauchy index of Q/P for several values of a and (3. 


— Let Pi,Qi be the above polynomials with a = y/f) and f3 = ^ These 
values were obtained by setting Xi to . The poles of Q\/P\ are zi = 
— and Z 2 = -^. One can see that X P fl remains negative between those 
poles. Hence 


Ind{Qi/Pi) = ]^{sign{Qi/Pi){z//) - sign{Qi/Pi){z.^ ) 

+sign{Qi/Pi){z^) - sign{Qi/Pi){zf)) 

= i(l-(-l) + (-l)-l) = 0. 


— Let P 2 , Q 2 be the above polynomials with a = 2y/5 — 1 and /? = 0, which can 
be obtained by setting Xi to V5. The poles of Q 2 /P 2 are Zi = —- 


and Z 2 = 


V2V5-1 


y/2P5-l 

. Now since Q 2 has a root between zi and Z 2 , hence 


1 


Ind{Q2/P2) = /^{sign{Q2/P2){z//) - sign(C/2/P2){p ) 

Psign(Q2/P2){z/f) - sign{Q2/P2){zf)) 


= -(!-(-!)+ !-(-!)) = 2 . 


The Cauchy index can be computed in several ways. First we observe that 
we can assume q = deg{Q) < deg{P) = p. Otherwise, let Op be the lead- 

2r g—p+i 1 

ing coefficient of P and compute the Euclidean division of Op ^ Q by P: 










Op^ ^ = PC + R with deg{R) < deg{P). Then Ind{Q/P) = Ind{R/P). 

The multiplication by an even power of Up preserves the signs. Furthermore R is 
obtained by multiplications, additions and zero-tests so that it can be performed 
in a general domain D as indicated in Algorithm 


Algorithm 3: Computing a polynomial positively proportional to 
Rem{Q, P) 

IntRem(D, Q, q, P,p)'. a polynomial with its degree 

Input: P ^ 0,Q, polynomials in D[A] with respective degrees p, q 

Output: a polynomial positively proportional to Rem{Q, P) 

Data: i,j, some indices 

if q < p then return Q, q 
for i from q — p downto 0 do 

for j from 0 to p — 1 do Q[i + j] ■<— P[p](3[i -I- j] — P[j]Q\i -f p] 
for j from 0 to i — 1 do Q[j] ■<— F[p](5[j] 

end 

for i from p to g do Q[i] 0 
if g — p mod 2 = 0 then 

for j from 0 to p — 1 do Q[j] F[p](5[j] 
end 

return Q, Degree(]D), Q) 


Here we use again the subresultants. Let s = (sp,... ,so) be a list of reals 
such that Sp yf 0. Define s' as the shortest list such that s = (sp, 0,..., 0) • s'. 
Then we inductively define: 

r 0 if s' = 0 

PmV (s) = < PmV (s') + ep-qSign{spSq) if s' = (sg,..., sq) and p — q is odd 
[PtoF(s') otherwise 

Here acronym PmV means (generalized) permanence minus variations and as 
can be observed from the definition is related to the sign variations of the se¬ 
quence s. An immediate property of the PmV is the following one. Let Xp,... ,xq 
be such that sign{xp) = ••• = sign{xo) yf 0, then PmV{xpSp,... ,XoSo) = 
PmF(sp,...,so). 

Our approach consists in computing the PmV applied on subresultants. 
Notations. If p = deg{P) > q = deg{Q) > 0, we denote by sRes the tuple 
{sReSp ,..., sReso). 


Example 3.1). For the polynomials of example 
(a, 1, —0/3^ -I-1). 


we have sRes{P, Q) = 


3.13 








— In the first case, sRes{Pi,Qi) = (a/S, 1, 37 Then 

PmV{sRes{Pi,Qi)) = PmV ^1,— 27-\/5 ^ + sign{-\/5) 

„ ^(?,7-27y/l\ . (?,7-27y/b\ . , 

= PmV I -^- I + sj^n I -^- I + stgn(vb) 

C ^ij _ ^2!!\f^ \ 

-^-I + sign{Vb) = 0 + (—1) + 1 = 0. 

— In the second case, sRes{P 2 ,Q 2 ) = (2-\/5 — 1,1, 0). Then 

PmV{sRes{P 2 , Q 2 )) = PmV (1,1) + sign{2\/h — 1) 

= PmV (1) + sign{\) + sign{2y/5 — 1) 

= 0 + 1 + 1 = 2. 


Theorem 3.15. Let P,Q G D[X] with p = deg{P) > q = deg{Q). Then: 
PmV{sRes{P,Q)) = Ind{Q/P) 


Proof. Let P = Q — J2i<q let R be the remainder of the 

euclidean division of P by Q: P = QC + R. We consider two cases, according to 
whether R — 0 or not. 


If i? = 0 then Q/P = 1/C with Op/bq the leading coefficient of C denoted 
by Cp-q, hence sign(cp-q) = sign{apbq). Observe first that the sign of 1/C is 
unchanged between two consecutive poles. So the Cauchy index of 1/C will be 
half the sign of C at +00 minus the sign of C at — 00 . If p — g is even then 
C{x) will go to the same sign when x goes either to +00 or —00 entailing that 
Ind{Q/P) = 0. Otherwise it will go to opposite signs with the sign at +00 being 
sign{apbq), thus entailing that Ind{Q/P) = sign{apbq). 

On the other hand, sReSp{P, Q) = Up, sReSj{P, Q) = 0 ior q < j < p and 
sReSq{P,Q) = ep-qhP~'^ from Remark 


3.5 


By Proposition 3.7 sReSj{P, Q) = 0 


for j < q. When p — q is even, PmV(sRes{P, Q)) = 0 and when p — q is odd, 
PmV{sRes{P,Q)) = ep-qSign[apep-qP/~'^) = sign(apbq). 

When i? ^ 0, we claim that (1) Ind{Q/P) = Ind{—R/Q) + sign{apbq) whenp—g 
is odd and Ind{Q/P) = Ind{—R/Q) otherwise and (2) PmV{sRes{P, Q)) = 
PmV{sRes{Q, —R)) + sign{apbq) when p — qis odd and PmV{sRes{P, Q)) = 
PmV{sRes{Q, —R)) otherwise. This will imply the theorem by induction on the 
degree of P. 


Let G be the gcd of P and Q and write P = PiG, Q = QiG and R = RiG. 
Obviously Ind{Q/P) = Ind{Qi/Pi) and Ind{P/Q) = Ind{Pi/Qi). In addition 
the signs of PQ{x) and PiQi{x) coincide on every point which is not a root of 
PQ. Since the roots of Pi and Qi are distinct: 


]^(sign{PQ[+oo))-sign(PQ[-oo))) = ]^{sign(PiQi{+oo))-sign{PiQi{-<X)))) 









sign{{PiQi){z'^)) - sign{{PiQi){z )) 


z^Zer{PiQi) 


sign{{Qi/Pi){z'^)) - sign{{Qi/Pi){z )) 


zeZer{Pi) 


+ 2 sign{{Pi/Qi)iz~^)) - sign{{Pi/Qi){z )) 

ze^er(Qi) 

= Ind{Qi / Pi)+Ind{Pi / Qi) = Ind{Q / P)+Ind{P / Q) = Ind{Q / P)+Ind{R/Q). 

Since ^{sign{PQ{oo)) — sign{PQ{—oo))) is null when p— q is even and equal to 
sign{apbq) otherwise we obtain the first claim. 

We recall Equation where r is the degree of R-. 

Vj < q — 1 sResPj{P, Q) = ep-qb^~'^sResPj{Q, —R) 

and Equation [ij 

sResPq^i{P,Q) = -ep_qlfq~‘^^^R. 

Case 1: q — 1 > r. 

Pmv{sRes{P, Q)) — 

PmV (ap,0,. . . ,0,£p_g6^“^,0,. . . ,0, b^~'^ep-gsRes^(Q, — i?), . . . , b^~'^€p-qsResQ(Q, —R)) 

Case 1.1: q > r — 1 and p — 5 is even. 

Pmv{sRes{P, Q)) — 

PmV{ep-gb^~'^, 0, . . . , 0, b^~^ep-gsReSp(Q, —R), . . . , b^~’'£p_gsResQ(Q, —R)) 

= PmV(bP-‘’,0, .... 0. b^-^sReSp(Q,-R), .... b^-’’sReso(Q,-R)) 

= PmV(l, 0. .... 0. b^-’'sReSp(Q, -R), .... 6’-''siJeso(Q. -i^)) 

— PmV (bg“^.0. . . . .0. sReSp(Q, si?eso(Q. —R)) 

Case 1.1.1: q > r — 1 and p — q is even and q — r is even. 

— PmV{sReSp{Q, —/?), .... sResQ{Q, —R)) — PmV{sRes{Q, —R)) 

Case 1.1.2: g > r — 1 and p — g is even and g — r is odd. 

— PmV(bg,0, . . . .0. sReSp{Q, — i?), . . . , sResq^Q, —R)) — PmV{sRes{Q, —R)) 

Case 1.2: g > r — 1 and p — g is odd. 

Pmv{sRes{P, Q)) 

= PmV(ep_gbJ“’. 0. .... 0. b^~‘^ep-gsReSp{Q, —R), .... b^~’'ep-gsReso{Q, —R)) 

+ep-g8ign{apep-gb'^~‘‘) 

— PmV{b^~^ ^ 0. .... 0. b^~^ sReSp(Q^ —R), .... b^~^ sReso(Q^ — R)) + sign{apbg) 

— PmV (bg“^.0. . . . .0. sReSp{Q, — 7?), . . . . si?eso(Q, —R))+ sign{apbq) 

where we conclude as in subcases 1 . 1.1 and 1 . 1 . 2 . 

Case 2: g — 1 = r. 

In this case using Equation|^ sReSq-i{P, Q) = —Sp-qb — Cr = £p-qb^~^{—c — r) 

where Cp is the leading coefficient of R 
So Pmv{sRes{P, Q)) 

= PmV{ap,0 ,.... O.Ep-gfef^, b\~^£p-qsReSq-i{Q, —R),£p-qsReso{Q, —R)) 
And we conclude as in case 1. 

□ 

Algorithm [^describes how to compute the PmV and so the Cauchy index of 
two polynomials. Now let us introduce the Tarski query. 


Algorithm 4: Computing the generalized permanences minus variations 
PmVPol(A, P,p, Q, q)'. an integer 

Input: P, Q, polynomials A[A] of degree p and q with q < p 
Output: PmV(sReSp(P, Q),..., sReso{P, Q)) 

Data: j an index, Sp,... ,so a sequence of signs 
Data: sReS{P, Q) a sequence of items of A 

if g = —oo then return 0 

// consistently with Cauchy index definition 
sRes{P, Q) -(r- SubResultants(A, P,p, Q, q) 

// The subresultants computation depends on A 
// since Algorithm has an additional assumption, 
for j from 0 to p do Sj Sign(A, sReSj{P, Q)) 
return PmV {Sp,..., So) // by applying the definition 


Definition 3.16 (Tarski query). Let P,Q £ D[A]. Then: 

TaQ(Q,P)= ^ sign{Q{z)). 

z£Zer{P) 

The Tarski query is closely related to the Cauchy index as established by the 
next proposition. 

Proposition 3.17. Let P,Q € D[A]. Then: 

TaQ{Q,P) = Lnd{P'Q/P). 

Proof. Let z be a root of P with multiplicity p. Then P'Q/P = Q{j^^+R) with 
R a rational function with no pole at z. If Q{z) = 0 then P'Q/P has no pole 
in z. Otherwise sign{{P'Q/P){z~^)) = sign{Q{z)) and sign{{P'Q/P){z~)) = 
—sign{Q{z)). The assertion of the proposition follows. □ 

Example 3.18. — For Pi = i/SX^ + l and Qi — , we have P( = 2\/5X. 

The sign of P^Qi around the poles of P[Qi/Pi is constant: positive around zi 
and negative around Z 2 . Hence Lnd{P!iQi/Pf) = ^(—1 — 1 + (—1) — 1) = —2. 
On the other hand, since the sign of Qi is negative at both zi and Z 2 , 
TaQ(Qi,Pi) = -l + (-l) = -2. 

- For P2 = {2y/b - l)X^ - 1 and Q 2 = A, we have P^ = (4^5 - 2)X. The 
sign of P2Q2 is always non-negative, hence it is so at the poles of P2Q2/P2, 
where it is non-zero. Hence Ind{P2Q2/P2) = |(~1 — 1 + 1 — (—1)) = 0 while 
Q2 has the same sign as the roots of P2, so TaQ{Q2, P2) = —1 -I- 1 = 0. 

In fact the Tarski question is an auxiliary value. The values we are really 
interested in are the following counters: 


nbp(Q)[-l] = |{z G Zer{P) \ Q{z) < 0}|; 
nbp(Q)[0] = |{z G ZeT{P) \ Q{z) = 0}|. 






nbp(Q)[l] = \{z G Zer{P) \ Q{z) > 0}|; 


The following lemma whose proof is obvious is the key for computing such 
counters. 


Lemma 3.19. The Tarski queries and root counters are related by: 


- TaQ{l,P) = nbp((3)[-l] +nbp(Q)[0] +nbp(Q)[l]; 

- TaQ{Q,P) = -nbp(Q)[-l] +nbp(Q)[l]; 

- TaQ{Q‘^,P) = nbp((5)[-l] + nbp(Q)[l]. 


Example 3.20. We previously computed TaQ{Qi,Pi) = —2 (see Example 3.18). 
The value TaQ{l, Pi), actually computed through Ind{Pl/Pi) yields the number 
of roots of Pi, which is 2. Finally, computing TaQ{Ql, Pi) can also be done 
through the Cauchy index, and yields the number of roots of Pi that are not 
roots of Qi, in this case also 2. 

As a result, solving the system induced by the above lemma, there are two 
roots of Pi where Qi is strictly negative, and no root of Pi where Qi is positive 
or null. The polynomial Qi has degree 1, this shows that both roots of Pi are 
strictly smaller than the (only) root of Qi. 


Thus defining the invertible matrix Mi and vector TaQp((5) by: 


/I 11\ /TaQp(Q)[0]\ /TaQ{Q°,P)\ 

Ml = -1 0 1 TaQp(Q) = TaQp(Q)[l] = TaQ{Q\P) 

\l OlJ VTaQp(Q)[2]y \TaQ{Q\P)l 


we obtain: 

Proposition 3.21. 

TaQp(g) = Mi •nbp(Q) 

As we are interested in determining the simultaneous signs of polynomials 
evaluated on the roots of another polynomial we generalize mappings nbp and 
TaQp to a sequence of polynomials. 


Definition 3.22 (Generalized counters and Tarski queries). Let P G 

D[Ar] and Q — {Qi,... ,Qm) be a finite sequence o/D[Ar]. Then: 
nbp(Q) is an integer vector whose support is {—1,0, such that: 


nbp(Q)[*i,...,i^] = |{z G Zer(P) | Vj < m sign{Qj{z)) = ij}\ 
TaQp(Q) is an integer vector whose support is {0,1, such that: 

TaQp(Q)[zi,..., = TaQiQl^ • • ■ 


The tensor product of two matrices A of dimension TOq x and B of 
dimension mb x nt is the matrix A ® B of dimension mamb x UaUb defined 
by: A(Z)B[{ia,ib),{ja,jb)] = A[ia,ja]B[ib,jb]- We inductively define for t > 1, 

Mj = Ml (g) Mt_i. 



Proposition 3.23. Let P G D[X] and Q = {Qi ,..., Qm) a finite sequence of 
D[X]. Then: 

TaQp(Q) = M„i • nbp(Q). 

Proof. Observe that both TaQp(Q) and nbp(Q) only depend on Zer{P). Thus 
w.l.o.g we assume that P = Y\iX — Zi with all Zi distinct. In this case, 

TaQp(Q) = y^TaQ;,^_^.(g) and nbp(Q) = ^nbx-zi(Q). 

i i 


So we are left with the case P = X — z. For all (ii,..., im), 

TaQp(Q)[ii, TaQp{Q\^ 

= sign^Ql^z) ■ • •Q^(z)) 

= '[[sign{Q''/{z)) = ]JraQp((5*0 

3 3 


Therefore by definition of tensor product, 

Xa.Qp(Q) = TaQp(Qi) 0 • • ■ 0 XaQp(Q^). 

On the other hand, for all nbp(Q)[ii,..., i„] = l/\. signiQj{z))=i 

= rij '^signiQ,(z))=^, = Ili nbp(Qj)[ij]. Therefore, 
nbp(Q) = nbp((5i) 0 ■ ■ - 0 nhp(Q^). 

So TaQp(Q) = TaQp((5i) 0 • • • 0 TaQp(Q„^) 

= Ml • nbp((5i) 

= (Ml 0 ■ 
product 

= Mm ■ nbp(Q). 


• • 0 Ml • nhp{Qjn) using Proposition 3.21 
Ml) • (nbp((5i) 0 • 


nbp((3m)) using a property of tensor 


□ 


Using elementary properties of the tensorial product, one gets the following 
corollary. 

Corollary 3.24. Let P G D[X] and Q = {Qi,... ,Qm) n finite sequence of 
D[X]. Then: 

nbp(Q) = (Mm)-^ • TaQp(Q) = ((Mi)-i ® ® (Mi)-i) • TaQp(Q). 

While the previous corollary provides a way to compute the number of zeroes 
of P per sign realization at family Q, the procedure is highly inefficient w.r.t 
m. Indeed has size 3™ x 3"* while the values and the size of the support of 
vector nbp(Q) remain bounded by the number of zeroes of P. So in the next 
paragraphs, we refine the procedure by iteratively computing nbp(Qp ..., Qm) 
by decreasing values of i and using the intermediate result to reduce the size of 
the matrix to be inverted at the next computation step. 

Definition 3.25. Let m be an integer, X C { — 1,0,1}"* and A C {0,1,2}”*. 
Then A is adapted to X if the (sub)matrix Mm[A, X] is invertible. 



Since Mm is invertible any S admits some A. However we need a way to 
efficiently compute such an A. 

Definition 3.26. Let S C {—1,0,1}™. Then A{E) is inductively defined by: 

— If m = \ then: 

1. When |i;| = 1, A{E) = {0} 

2. When 1171 = 2, H(r) = {0,1} 

3. When irj = 3, H(r) = {0,1,2} 

- Let EC {-1,0,1}™+!. 

For k € {1, 2, 3}, define Ek = {a G {—1,0,1}™ | |{(i, a) G i7}| > k}. 

Then A{E) = {0} x A{Ei) U {1} x A(E 2 ) U {2} x AiEs). 

Observe that E^ C E 2 C Ei and that |273| + \E 2 \ + \Ei\ = |27|. 

Proposition 3.27. Let E C { — 1,0,1}™. Then A{E) is adapted to E. 


Proof. The base case m = 1 is established by a straightforward examination of 
Ml. Assume that the result holds for m and consider E C {—1,0,1}™+!. For 
a G El, we denote by Ca the column of matrix Mm[{0,1, 2}™, 27i] indexed by 
a. Then columns of matrix Mm_|_i[{0,1, 2}™+!, E] are: 


C’(-l.O') 


^-1 j 


-a 1 if (-l,a) G 27, 
C. j 


- C'(o,<t) 

- C'(1.<t) 








if (0 ,ct) G 27, 


if (1 ,ct) G 27. 


For cr G 27i, we pick a minimal ka-p such that (fccr,i,cr) G 27. For a G E 2 , 
we pick a minimal kcr ,2 fco-.i such that {ka-, 2 ,o') G 27. For a G E^, we pick 
the unique 1 = k„^^ ^ {fco-.i, ^( 7 , 2 } such that {k„^ 3 ,a) G 27. Let us reorder the 
columns of matrix Mm+i[{0,1 ,2}™+!, 27] "pjjg gj-g^ columns are 

those indexed by all {ka-,i,cr) G 27. The next |272| columns are those indexed by 
all (fccr, 2 ,o-) G 27. The last |273| columns are those indexed by all {ka, 3 ,<j) G 27. 
We then perform on this matrix some columns operations that let the linear 
independence status of rows unchanged: 


— when ka,i = — 1 and ka -,2 = 0 then Co,cr ^ C'o.o- — C'-i.o- so that 



— when ka,i = —1 and ka ,2 = 1 then Ci^a -G- \{Ci^a' — C'-i.o-) so that 




— when fco-.i = 0 and fccr ,2 = 1 then Ci^, 

0 

Cl,. = ' 


<— Cl . — C-i a SO that 


— when k. -j, is defined (and so equal to 1) then Ci,, 
so that 

' 0 

Cl,. = ' 


^ ^{Ci,. — 2Co,. + C-i,.) 


The resulting matrix has a triangular form : 




0 

0 

M^[{0,1,2Y‘ 


Due to this triangular form, the first Ill’ll + |^ 2 | + l^sl independent rows of 
Mm+i[{0, 1, 2}"*+^, S] are the first |i7i| rows of the first diagonal block followed 
by the first 11721 rows of the second diagonal block and the first iTlal rows of the 
third diagonal block. □ 

Computing inductively A{S) seems to require three “recursive calls”. How¬ 
ever observing that 273 C i72 C 27i and using the next proposition we will obtain 
an efficient computation. 

Proposition 3.28. Let 27' C 27 C {—1,0,1}”'. Then A{S') is obtained by ex¬ 
tracting the first |27'| linearly independent rows of matrix Mm[^(27), 27']. 

Proof. We proceed by induction on m. The base case m = 1 is an immediate 
consequence of the definition of ^(27). 

Assume that result holds for m and consider 27' C 27 C (—1,0, l}"'^^. Define as 
in Definition 3.26, 27{, 27^ and 27^. Observe that for all i, 27' C Si. Consider ma¬ 
trix Mm-i-i[{—1, 0,1}”'+^, 27']. After performing the same linear transformations 
on the columns as those of the previous proof, we obtain the following matrix: 

'Mm[{0,l,2}'”,27{] 0 0 

* Mm[{0,l,2}'”,27'] 0 

* * Mm[{0,l,2}" 

Thus the first maximal set of independent rows of this matrix will be obtained 
by the first maximal sets of independent rows in the three diagonal blocks. 
Applying the induction hypothesis, this corresponds to the first maximal set of 
independent rows of the following matrix: 

'Mm[A(27i),27{] 0 0 

* Mm[A(272),27'] 0 

* * Mm[A(273), 273 ] 

which (by the inverse linear transformations) is equivalent to looking for the first 
|27'| linearly independent rows of matrix Mm[A(27), 27']. 

□ 


Algorithm implements the whole method developped above. 



Algorithm 5: Computing sign realizations of family Q at roots of P 

SignRealization(D, P, p, Q): a non null vector with its support 
Input: P, a non null polynomial in D[A] with degree p 

Input: Q = {{Qi, qi), ■ ■ ■, (Qm, q-m)}, a family of non null polynomials in D[X] 
Output: the vector counting the sign realizations for Q by the roots of P 

Data: ei,..., Cm degrees in {0,1, 2} 

Data: TaQ a vector indexed by vectors of degrees 
Data: nb a vector indexed by vectors of signs 
Data: R, a polynomial in D[X], r a degree 
Data: M, an integer matrix 

Data: ext A, A, j4i, ^ 2 , ^ 3 , sets of vectors of degrees 
Data: extS, E, E 2 , E^., sets of vectors of signs 

for Cm in { 0 , 1 , 2 } do 

R P'Q^’, {R,r) IntRem(D, P, + p— l,P,p) 

// see Algorithm 3 for IntRem 

TaQ[em] PmVPol^, P,p, R, r) 

end 

nb -f- • TaQ 

if nb = 0 then return 9, — jj P has no roots 

E supp{nh) 

if I PI = 1 then A ^ {0} 

else if |P| = 2 then A ■(— {0,1} 

else A ^ {0,1,2} 

nb nb|£; M Mi|axs 

for i from m — 1 downto 1 do 

extE •<— {—1,0,1} X E- extA <— {0,1, 2} x A-, extM •<— Mi (g) M 
for (ei,..., e-m) in extA do 

P' Q7 ^ IntRem(D, P, Y.i<j<m <ljej,P,p) 

TaQ[(ei,..., em)] <— PmVPol(D, P,p, R,r) 

end 

nb ■<— extM“^ • TaQ 
Pi ^ P 

P 2 ■«- (o- G P I |{(i,o-) G supp(nb)}| > 2 }; 

P 3 -s— {o- G P I G SMpp(nb)}| > 3} 

Ai^A 

A 2 the indexes of the first IP 2 I linearly independent rows of M|yix £2 
As -ir- the indexes of the first jPsj linearly independent rows of 
P swpp(nb) 

A -s— {0} X 24 i U {1} X A 2 U {2} X As 
nb nb|^; M G- extMjxixi: 
end 

return P, nb 








Defining and computing encodings for roots 

Definition 3.29 (Thom-encoding). Let P £ D[X] with deg{P) = p > 0 and 

a; € K. The P-encoding of x is the vector: 

<7p{x) = {sign{P{x)),sign{P'{x)),sign{P’'P'> (x))). 

A P-code is a vector of signs indexed by {0,, deg{P)}. 

Proposition 3.30. Let P £ D[X] and a be a P-code. Then: 

— is either empty, a point or an open interval. 

— Let X x' he two roots of P. Then crp{x) ^ up{x'). 

— Let x,x' with ap{x) up{x'). Then x < x' if and only if, denoting k the 
largest index with ap{x)[k] up{x')[k]: 

1. either ap{x)[k + 1] = 1 and ap{x)[k] < ap{x')[k]; 

2. or ap{x)[k + 1] = —1 and cjp{x)[k\ > ap{x’)[k]. 

Proof. We proceed by induction on the degree of P. The case deg{P) = 1 is 
obvious. Assume that it is valid for all P such that deg{P) < i. Consider P 
with deg{P) = i + 1. Apply the inductive hypothesis on a restricted to its i last 
components, denoted cr', and on P'. When crp,^(cr') is empty or a point then the 
result is immediate. When crp,^(cr') is an interval, then cr[l] ^ 0. Thus P{x) is a 
strictly monotonous function on the interval which meets 0 at most once. This 
implies the result. 

The second assertion is a direct consequence of the first assertion. 

Considering the third assertion, ap(k+i){x) = ap(k+i){x'). Since x x', the sec¬ 
ond assertion implies that ap(k+i){x) ^ 0. 

Since p(^+i) is constant in [min(a;,x'),max(a;,x')], this implies the third asser¬ 
tion. 

□ 


Algorithm 6: Computing the Q-encoding of roots of P 


RootCoding(D, P, p, Q, g): a list 

Input: P, Q, non null polynomials in D[A] with respective degrees p, q 

Output: a list of the Q-encoding of roots of P 

Data: (so, ... ,Sq) a vector of signs 

Data: nb a vector indexed by vectors of signs 

Data: E a set of vectors of signs 


{E, nb) P- SignRealization(D, P,p, {(Q ” , q), . . . , (Q , 0)}) 
Order the Q-encodings (so, ... ,Sq) of the support E of nb 


using Proposition 3.30 and duplicating them w.r.t. nb[(so, 


return this list of encodings 






Example 3.31. Let us consider the Pi-encoding of reals for Pi = — 1. First 

remark that the second derivative is always positive, hence the third component 
of the Pi-encoding of any real number is always +1. This encoding divides the 
real line into seven intervals: 

• ] — 00 , —^[ is encoded into (+1, —1, +1), since for x in this interval, P{x) 
is positive but decreasing. 

• The first root is encoded into (0, —1,+1). 

• ] — 0[ corresponds to (—1, —1, +1). 

• The point [0,0] is encoded by (—1,0,+!). 

• ]0, corresponds to (—1,+1,+1). 

• The second root -^] is encoded into (0,+1,+1). 

• ]-^,+ 00 [ is encoded into (+1,+1,+1). 

As a consequence of our previous developments, we are now in position to 
perform two main computations in ©[Xj: (1) determining the number of roots 
of a polynomial P and computing their P-encoding, and (2) computing the Q- 
encoding of roots of a polynomial P. Both results are obtained by Algorithm 
For the first goal it is sufficient to call PmVPol(P, P') and if the result is non null 
to call RootCoding(P, P). 

3.2 Triangular systems 

While we only stated the effective properties of (a representation of) D in the 
previous parts, we now consider specific representations of real subrings of the 
form D = Q[ai,..., where the a^’s are real algebraic numbers. Such represen¬ 
tations are called triangular systems and we will show (in Propositionthat 
they are sign-effective. In the sequel, the leading coefficient of P = J2i<p 
in D[X] with deg{P) = p is denoted lcof{P) = a^. Note that the leading 
coefficient of a polynomial P in Q[Xi,..., Ali_i][Xi] is itself a polynomial in 
Q[Xi,...,X,_i]. 

Definition 3.32 (Triangular system). Let {{rii, Pi,pi))f^i such that for alii, 
Hi is a positive integer and Pi G Q[Xi,..., Xi-i][Xi] with deg{Pi) = pi > 0. Let 
(ai,..., ai) be a sequence of reals. Then {{rii, Pi,Pi))i-i is a triangular system 
of level £ for (oi,..., ai) if: 

— ai is the root of Pi whose degree is pi; 

— For 1 < i < £, Pi+i{ai,..., ai) has degree pi and is the nffi root of 
polynomial Pi+i{ai,... ,ai) G Q[ai,... ,aj][Xi+i]. 

By convention, a triangular system of level 0 is the empty sequence. Observe 
that a priori we do not know how to decide whether ((ui, Pi,Pi))f^i is a triangu¬ 
lar system for some sequence of reals. Given a triangular system {{ui, Pi,Pi))i=i, 
a representation of an item of Q[q;i, ..., is nothing but some polynomial 
P G Q[Xi, ...,Xi] denoting P(ai, ...,ae). 




Algorithm 7: Computing PmV in triangular systems 

PmVPol(£,T, P,p,Q,q)-. an integer 
Input: i, the current level 

Input: T = {{rii, Pi,pi)Yi=i a triangular system for (ai,..., ai) 

Input: P, Q, polynomials Q[Ai,..., X^][X^_|.i] of degree p and q with q < p 
such that P{ai,..., ae) Y 0 and Q(q:i, ..., ar) Y 0 when q > 0 
Output: PmV{sReSp{P{ai ,..., at), Q{ai ,..., ai)), 

si?eso(P(ai,... ,ae), Q(ai, • • • ,ai))) 

Data: j an index, Sp,... ,so a sequence of signs 

if q = —oo then return 0 // consistently with Cauchy index dehnition 
sf?es(P, Q)SubResultaiits(Q[Xi,..., X^], P,p, Q, g) // using Algorithm 
for j from 0 to p do Sj ■<— Sign(f, T, sReSj{P, Q)) 
return PmV {Sp,..., So) // by applying the definition 


Example 3.33. The system {{2,Xl - - l,2),(l,(2Ai - 1)A| - 1,2)) is a 

triangular system for the reals (I^ideed, polynomial Xf — Ai — 1 

has two roots ■ In addition, when Xi = , polynomial (2Ai — 

1)A| — 1 becomes Pi = -YEX^ — 1, with two roots — 

Proposition 3.34. Let £ > 0 and ((u-i, Pi,pi))f^i such that for all i, Ui is a 
positive integer and Pi G Q[Ai,..., Ai_i][Ai] with deg{Pi) = Pi > 0. Then 
we can decide whether {{ni,Pi,Pi))l^i is a triangular system for some {ai}f=i- 
Furthermore with this representation, the rings Q[q:i, •.., a^] and Z[ai,..., a^] 
are sign-effective. 

Proof. The proof is done by induction on £. The base case £ = 0 corresponds to 
the case where the ring is Q or Z and so there is nothing to prove. 

For the inductive case, in order to check whether {{rii, Pi,Pi))iYl is a triangular 
system, we first check that {{ui, Pi,Pi))i^i is a triangular system. In the positive 
case Q[q!i, ..., at] is sign-effective so that we can check whether P£_|_i(q!i, ..., ai) 
has degree and compute the number of roots of Pi+i(ai,..., ag) by using 
PmvPol(Z, T, Pi+i,Pi+i, P/_i_i,_p^+i — 1) in Q[ai,..., a^]. We have rewritten the 
corresponding algorithm (see Algorithm]^ in order to exploit the representation 
provided by Algorithm 

Assume that {{ni, Pi,Pi))ifl is a triangular system. Again using induction hy¬ 
pothesis Q[q;i, ... ,ae\ is sign-effective. So in addition to sign determination in 
Q[ai,..., ae], we are also able to compute Degree and RootCoding in this ring. 
Thus Algorithm]^ (applied at level I 1) determines the sign of P{ai ,..., ag+i) 
by computing the degree of P in Q[ai,...,af] and then determining the P- 
encodings of roots of P^+i in Q[ai,... ,ae] and returning the sign of P corre¬ 
sponding to the root. 

□ 









The sign determination is then obtained by a set of mutually recursive func¬ 
tions. In order to clarify their behavior we have represented their calls in Figure]^ 

-^ Sign ^- 



PmVPol -<— SignRealization-► IntRem->- Degree 

Fig. 4. Links between function calls with level I changing. 


Algorithm 8: Determining the sign in a triangular system. 
Sign(^, T, P): a sign 

Input: P, a polynomial in Q[Ai,. ..,Xi\= Q[Xi,... ,X(>_i][X^] 
Input: I, the current level 

Input: T = {{rii, Pi,pi)Yi=i a triangular system for (oi,..., ai) 
Output: the sign of P(ai,..., at) 

Data: E a list of sign vectors 

if £ = 0 then return Sign(Q, P) // P is a rational 
pt- Degree(f- l,74,f-i,P) 

// Pii-i is the restriction of T at level l—\ 
if p = —oo then return 0 
E = RootCoding(f - 1, Tj.r-i, Pc,Pr, P,p) 

Let V be the riY item of E 
return v[0] 


3.3 Building a cylindrical algebraic decomposition 

We have the following result [l3]: 

Theorem 3.35. For every finite family of sets of polynomials V = {Vi}i<n such 
that Vi C Q[Ai,..., Ai], one can build a cylindrical algebraic decomposition of 
M" adapted to V in 2EXPTIME. 













We devote the rest of the subsection to the proof of this theorem. The al¬ 
gorithm that builds the cylindrical algebraic decomposition of K" proceeds in 
two steps: the elimination step and the lifting step. The elimination step en¬ 
sures the existence of a cylindrical algebraic decomposition while enlarging the 
set of polynomials of polynomials Vi- Once V has been completed, the lifting 
step provides an effective way to compute the cylindrical algebraic decomposi¬ 
tion. Accordingly, one considers the coefficients of polynomials in M during the 
elimination step and restrict them to belong to Q during the lifting step. 


Elimination step. The following lemma establishes that the roots of a polyno¬ 
mial are “continuous” w.r.t. the coefficients of the polynomial when the degree 
of the polynomial remains constant. 

Lemma 3.36. Let P G C[Ari,... , Xk_i][Xk], S C such that deg{P{x)) is 
constant over x G S. Let a G S such that zi,... ,Zm are the roots of P{a) with 
multiplicities pi,..., pm, respeetively. Let 0 < r < mmi^j(\zi — 2j|/2). Then 
there exists an open neighborhood U of a such that for x G U, P{x) has exactly 
Pi roots counted with multiplicities in the disc D{zi,r) for all i <m. 

Proof. Since the degree of P is constant we can divide the coefficients by the 
leading coefficient, obtaining a monic polynomial with same roots and multiplic¬ 
ities and coefficients being rational functions. 

Assume that P = Xj^. Consider Q = X^ — with 6 = maxi<^ \bi\ < 

min(i,r'") ^ , any root of Q has a module less than one. Let z be such 

fl fL 

a root. Then z^ = < pS < r^ which implies \z\ < |r|. 

Let us consider the mapping from pairs (Q, R) of monic polynomials of degree 
respectively q and r to their product R) = QR of degree q + r (viewed 
as mapping of their coefficients). This mapping is differentiable. It is routine 
to check that the Jacobian matrix of this mapping is equal or opposite to the 
subresultant SresoiQ, R) and so it locally admits a differentiable inverse if Q and 
R are coprime. Therefore, factoring P = QR such that Q and R are coprime, 
there exists some neighborhoods Vq, Vr respectively of Q and R, such that 
V = ifiiVg X Vfl) is a neighborhood of P. 

By iteration, the polynomial Pq = {X^ — zQ^^ ■ ■ ■ {X^ — ZmY'^ admits an open 
neighborhood V of its coefficients such that every monic polynomial Pi G V 
admits a decomposition Pi = Qi • ■ • Qm with every Qi of degree pi and whose 
roots belong to the disc D{zi, r). Since the discs have no intersection, every disc 
contains exactly pt roots counted with multiplicities. 

Since the coefficients of P are rational functions of Xi,... Xk-i and so continu¬ 
ous, there is a neighborhood C/ of a that fulfills the conclusion of the lemma. □ 

The next proposition establishes that the real roots of a set of polynomials 
are “continuous” w.r.t. the coefficients of the polynomials when the degrees of 
some appropriate polynomials (including the original ones) remain constant. 



Proposition 3.37. Let Pi,... ,Ps G M[Xi,..., Xk-i] .S' C 1 connected. 
Assume that over x G S, for all 1 < i,j < s, Pi{x) is not identically 0, 
deg{Pi(x)), deg{gcd{Pi{x), Pj{x)), deg{gcd{Pi{x), Pl{x)) are both constant. 

Then there exist i (with I possibly null) continuous functions fi<--‘<fi from 
S to M. such that for every x G S, the set of real roots of rijxs Pj{x) is exactly 
{fi{x),...,feix)}. 

Moreover for all i < £,j < s, the multiplicity of the (possible) root fi{x) of Pj{x) 
is constant over x G S. 

Proof. Let a G S and zi(a),..., Zm(a) be the roots in C of rijxs Pi (a) with p) be¬ 
ing the multiplicity of Zi{a) for Pj{a). The degree of Rjk{a) = gcd{Pj{a), Pk{a)) 
is Ti) is the (possibly null) multiplicity of Zi{a) 

for Rjk{a). 

Pick r > 0 such that the discs D{zi{a),r) are disjoint. Observe that since 
deg{gcd{Pj{x), Pj{x)) is constant over x G S the number of distinct roots of 


and the previous observation, there is a neighborhood U oi a such that for all 
X G U, D{zi, r) contains exactly a root, denoted z) (x), of Pj(x) with multiplicity 
pf. Assume there exists k j with p^ > 0, since deg{Rjk{x)) is constant over 
X G S, zf (x) = zf{x) for all x G U. Otherwise for such an x where the equality 
does not hold deg(Rjk(x)) < deg{Rjk{a)). So we can omit the superscript j in 
zf{x) (dehned when p( >0). 

If Zi{a) is real then Zi{x) is real otherwise its conjugate would be another root in 
D{zi{a),r). If Zi{a) is complex, its conjugate being also a root, D{zi{a),r) and 
D{zi{a),r) are disjoint and so Zi{x) is not real. Hence the number of real roots 
of {x) is constant over x G U. As the number of real roots is locally constant 
and S is connected then the number of real roots of rijxs Pj(x) is constant over 
X G S, say £. 

Let fi{x), for i < Z be the function that associates with x the real root 
of rijXs increasing order. Since r could be chosen arbitrarily small, fi 

is continuous. As the multiplicity of fi{x) w.r.t. any Pj(x) and Q{x) is locally 
constant, it is constant over x G S. □ 

The next definition is a basic construction that will be the atomic step of the 
elimination stage. 

Definition 3.38. Let P = € K[Ai,..., Afe_i] [A^]. Thenlcof{P) = 

Qp and Tru{P) = | Vi > r ^ M* A a,. ^ 0}. 

Let V be a finite subset o/M[Ai,..., Afc_i][Afc]. Then Elimx^iV) is the set 
of polynomials of M.[Xi,..., Xk-i] defined as follows. For all P,Q G V,R G 
Tru{P), T G Tru(Q) with deg{T) < deg{R): 

— If leaf (R) does not belong to K then lcof{R) G Elimx^iP); 

— If deg{R) > 2 then for all sReSj{R, R!) that are defined and do not belong 
to K, sReSj{R, R') G Elimx^,{P); 

— for all sReSj{R,T) that are defined and do not belong to K, sReSj{R,T) G 

Elimxk i'P)- 


Pj{x) is constant over x G S. Let i,j such that pi > 0, applying Lemma 


3.36 




The next lemma establishes the interest of the Elimxk construction. 

Lemma 3.39. Let V be a finite set ofM.[Xi,... ,Xk-i\\Xk], S C a con¬ 

nected set. Assume that S is ElimxuifP)-invariant. 

Then there exist I (with £ posibly null) continuous functions fi < ■ ■ ■ < fi from 
S to M. such that for every x G S, the set of real roots ofYlp^-p* P(x) is exactly 
{fi{x),..., fi{x)} where V* is the subset of V consisting of polynomials not 
identically null over S. 

Moreover for all i < I and for all P G P*, the multiplicity of the root fi{x) of 
P(x) is constant over x G S. 


Proof. Let P gV. Since the leading coefRcients oiTru{P) belong to Elimx^ {(P), 
the degree of P{x) is constant over x G S. 

Let R G Tru{P) be the appropriate polynomial for P (i.e. whose degree is 
the degree of P{x) for x G S). Then, by deg{gcd{R, R')) is determined by the 
signs of polynomials of the sequence Sres{R, R') due to Proposition |3.7[ Since all 
these polynomials belong to ElimXk{P)j number of distinct complex roots 
of deg{gcd{P{x),P'{x)) is constant over x G S. 

Let T G Tru{Q) be the appropriate polynomial of Q for Q S V. Then, by 
Proposition |3.7[ deg{gcd{R,T)) is determined by the signs of polynomials of 
the sequence Sres{R,T). Since all these polynomials belong to ElimXk(P), the 
degree of gcd{P{x),Q{x)) is constant over x G S. 


The conclusion follows using Proposition 3.37 


□ 


We are now in position define the elimination step and to prove its correct¬ 
ness. 


Theorem 3.40. Let Q = {Qi}i<n be a family of finite set of polynomials such 
that Qi C IR[Xi,..., Xi]. Define Vn = Qn and inductively Vi-i = Qi-i U 
ElimXiiQi) for i > 1. Then there exists a cylindrical algebraic decomposition 
adapted to V (and thus to Q). 

Proof. Let us prove the existence of a cylindrical algebraic decomposition of 
adapted to Vi by induction. 

The children of ]R° form the partition defined by 

(-oo,ri),ri, (ri,r 2 ),..., Tm),'em, (j'mjOo) 

where {ri,..., r^} is the set of roots of all P GVi (or M if there is no root). By 
construction, the cells of Si are T^i-invariant and open intervals or points. 
Assume that we have built our tree up to level i < n. Pick any cell C of level i. C 


yields the children of C. 


is ElimXij^i{Vi+i)-ravdx\djA since ElimXi^i(Vi+i) C Vi. Applying Lemma 


3.39 


□ 




Complexity of elimination step. Let s = |Q|, d be the maximal total degree of 
polynomials of Q, and v the maximal constant appearing in a coefficient of Q. 
A straightforward recurrence shows that 

— the maximal number of bits of a coefficient of any Vi is 0((i” • ~ ■ 

^ogiv)), 

— the maximal total degree of polynomials of all Vi is in 0{d^ ), and 

— the total number of polynomials is in 0((sd)^"). 

Example 3.41. Let us build the family Vi,V 2 of polynomials associated with 
the automaton of Fig. We set Ji = Xi, I 2 = X 2 , A = Xf — Xi — 1, B = 
( 2 X 1 - 1)X| - 1 and C = X 2 + {Xf - 5). We start with V 2 = {l 2 ,B,C}, 
Vi = {Ii,A} and add to Vi polynomials computed by (’^ 2 )- 

We first add lcof{B) = 2Xi — 1 to Note that we do not add lcof{C) 
since it is in Q. 

Let us now compute all subresultants of (potentially truncated) polynomials 
oiV2-. 


sResoih, C) = 


1 0 
1X2-5 


= Xf — 5 is added to Vi. 


We then add to Vi the polynomial 


sReso{B, C) 


2X1-1 0 -1 

= 0 1X2-5 

1 Xf - 5 0 

=-( 2 X 1 -1)(X2-5)2 + 1 
= -2X1 +Xt + 20Xf - 10Xi2 


50Xi + 26 


• Remark that sReso{B,l 2 ) = 1 G Q, hence it is not added to Vi. It is also 
the case for sResi{B,l 2 ) and sResi{B,C). 

We then need to compute the subresultants of each polynomial of degree 
> 2 with its derivative. In our case, that means computing sResoiB, B') and 
sResi(R,R')-WehaveR' = 2(2Xi-I)X2. We obtain sResi{B,B') = 2(2Xi-I) 
that should be added to Vi. However, since sResi{B,B') = 2lcof{B), their sign 
will coincide. For simplicity we will not keep it in Vi, although the automatic 
procedure does; nonetheless, this would not affect the elimination at lower levels. 
Finally, we have 


sReso{B, B') 


2X1-1 0 -1 

0 2(2X1 - 1) 0 

2(2X1 -1) 0 0 


4 ( 2 X 1 - 1)^ 


which is added to Vi- This concludes the elimination phase. 
The final sets Vi and V 2 are given in Table (page . 









Algorithm 9: Lifting the cylindrical algebraic decomposition at a point of 

level f' _ 

Input: V = a family of subsets of polynomials obtained by 

decomposition 

Output: A a tree whose nodes at level i are sample points of the 
decomposition equipped with their sign evaluation for Vt 
Lifting(t',T): an integer 

Input: i, the current level; T = {{rii, Pi,Pi)Yi=i a triangular system for 
(qi, ..., at) corresponding to a node of A. 

Data: L a list of triangular systems equipped with sign vectors, E a triangular 
system with a sign vector 
L ^ LinePartition(£, 7”) 
if L = 0 then 

r ^ r U {(l,Xr+i, 1)}; r ■ Eval ^ {(P, Sign(f, T, Lcof (P)) | P e Vt+i} 
A AVJ {T —>■ T'); if f + 1 < fc then Lifting(£ + 1, T') 

else 

L C- Completing(f, T, L) 
for E £ L do 

Pick some (r, v, P) £ E such that r is defined 
T' ^ r U {(r, P, Degree(f, T, P))}; 

T' • Eval £- {{Q, u[0]) I Q £ Vt+i A 3(m, v, Q) £ E} 

A AVJ {T —>■ T'); if f + 1 < fe then Lifting(£ + 1, T') 

end 

end 




Lifting step. We build the cylindrical algebraic decomposition as follows: every 
cell C of level i is represented by a sample point, represented by a triangular 
system. In addition, the representation of C includes the evaluation of the sign of 
all P G Ve- Observe that evaluation of a P G Vj with j < .^ is found in its ancestor 
cell of level j. The construction is performed by Algorithm An atomic step 
of the lifting phase corresponds to build, given a sample point the ordered 
list of all sample points of representing the cells of the cylinder above 

S. It corresponds to a call to Lifting (without the recursive calls). The whole 
construction is done by the call Lifting(0, 0). Lifting first calls LinePartition 
in order to get an ordered list of the roots of all P G Vi+i- Every real a of this 
list is represented by a set of triplets {r,v,P) where P is a polynomial whose 
coefficients are algebraic numbers over T (and thus represented by polynomials 
in Q[Xi ,..., X(]), V is the P-encoding of a. r may be undefined but when defined 
it means that a is the root of P. For at least one triplet of the set r is defined 
allowing to extend the triangular system T by a. Since one wants to represent 
the interval between these roots by sample points, the list is completed by a call 
to Completing. After this call either the list is empty (corresponding to the case 
of a single child C x K) and this child is represented by o^+i = 0, first root of 
X£^i. The representation of this cell is now enlarged by the evaluation of all 
P G Pf+i at this sample point. Otherwise for every item of the list one picks 
some arbitrary (r, v, P) with r defined and proceeds as previously to produce all 
the children of C. 

Algorithm produces the list of roots of all P(ai,..., ai) for P G Pf+i. 
For any such P, it first normalizes it by determining its higher non null coeffi¬ 
cient. Thus R G Tru{P). SL\P] will contain the singletons {(r, u,P)} for every 
root of P{ai, ..., ai). Then the algorithm enlarges these singletons with triplets 
{{r',v',Q)} for all Q that proceed P in P^+i. All these triplets are obtained 
using the lists provided by appropriate calls to RootCoding. Conversely the sets 
of the list SL[Q] are enlarged with the triplets related to P. Once all roots have 
been produced in SL, it remains to order them and (possibly) merge them. This 
can be easily done with the help of their Thorn-encoding and it is performed by 
a call to QrderedMerge. 

Algorithm completes the list of roots by sample points representing the 
intervals between the roots. This is done as follows. Given a root a of P and a 
root /? of Q, such that a and /3 are consecutive items of the list, there exists a 
root / of {PQY such that / G]a,j3[. Thus the sample point will be an arbitrary 
root of {PQY strictly between a and (3. If a is the smallest (resp. largest) root 
in the list for of some P then the first (resp. last) root of P[X£+i + 1] (resp. 
P[Xf+i — I]) is a — 1 g] — oo,q:[ (resp. a -I- 1 G]a, -|-oo[). In this algorithm E 
represents the current item, say /3 of the list of roots, P some polynomial whose 
/3 is a root and v is its P-encoding. Let a be the previous item of the list (when it 
exists). oldP is some polynomial whose a is a root and oldv is its o/dP-encoding. 
Thus in order to find a root of (P • oldPY between a and /3, one computes the 
P and oldP encoding of the roots of (P • oldPY ■ 


Algorithm 10: Partitioning the real line at a point of level £. 


Input: V = {'Pt}t<k a family of subsets of polynomials 
LinePartition(£, T): a list 
Input: the current level 

Input: T = {(n-i, Pi,Pi)}f=i a triangular system for (oi,..., ar) corresponding 
to a node of A whose children have to be computed. 

Output: L a list of sample points of the decomposition equipped with their 
sign evaluation for Vi+i related to T. 
for P £ Pi+i do 

{R, r) <— Normalize(f, T, P) 
if r < 0 then SL[P] ■£- 0 
else 

SLL ■(— RootCoding(£, T, R, r, R, r) 

11 Singleton transforms a list of items into a list of 

singletons which contain these items. Furthermore it adds 
the number of the root of R for subsequent use. 

SL[P] £- Singleton(SLL) 
for Q £ Pe+i such that Q < P do 
(S, s) ^ Normalize(f, T, Q) 

SLL ■£- RootCoding(f, 7”, i?, r, S,s)', EnlargeWith(S'L[P], SLL, Q) 

end 

end 

for Q £ "Pr+i such that Q < P do 
if SL[Q] ^ 0 then 

(S, s) ■£- Normalize(f, T, Q) 

SLL £~ RootCoding(f, P, S, s, R, r); EnlargeWith(SL[Q], SLL, P) 

end 

end 

end 

L DrderedMerge(SL) 
return L 




Algorithm 11: Completing the line partition with samples of intervals. 
Input: V = {'Pt}i<k a family of subsets of polynomials obtained by 
decomposition 
Completing(€, T, h): a list 
Input: the current level 

Input: T = {(ui, Pi,Pi)Yi=i a triangular system for (oi,..., ae) corresponding 
to a node of A whose children have to be computed. 

Input: L a list of sample points of the decomposition represented by a 

triangular system equipped with their sign evaluation for Ve+i related 
to T. 

Output: the input list L enriched with of sample points for the intervals before, 
between and beyond the original sample points, 
for E G L do 

Pick some (r, v,P) G E such that r is defined 
HE — First(Z/) then 

{R,r) G- Normalize(£, T, P(X^+i + 1)); 

SLL G- RootCoding(£, T, R, r, R, r) 
shortL G- Singleton(S'LL) 
for Q G Ve+i do 

{S, s) G~ Normalize(f, T, Q) 

SLL G- RootCoding(f, T, R, r, S, s); EnlargeWith(shortL, SLL, Q) 

end 

Insert First(shortL) before E in L 
else 

(R, r) G- Normalize(£, T, (P ■ oldP)'■, SLL G- RootCoding(f, T, R, r, R, r) 
shortL G~ Singletoii(S'LL) 
for Q G Ve+i do 

(S', s) V- Normalize(f, T, Q) 

SLL G- RootCoding(f, T, R, r, S, s); EnlargeWith(shortL, SLL, Q) 

end 

Find F in shortL such that 3(a;, vP, P), {y, voldP, oldP) G F 
with vP < V and voldP > oldv, Insert F before E in L 

end 

oldv G- v; oldP G- P 

end 

Let E be Last(L) 

Pick some (r, v,P) G E such that r is defined 
{R,r) G- Normalize(f, T, P(A^+i — 1)) 

SLL G- RootCoding(£, T, R, r, R, r); shortL G- Singleton(SI/I/) 
for Q G PtGi do 

(S, s) Normalize(f, T, Q) 

SLL G- RootCoding(£, T, R, r, S, s); EnlargeWith(shortI/, SLL, Q) 

end 

Insert Last (shortL) after E in L; return L 




Example 3.42. We first (by Algorithm 10) compute the line partition of M at level 
1 for Vi = {/i, A, D, E, F, G} (see Table ^ obtained previously. This is done by 
comparing the P-encodings of roots of Q for all pairs {P,Q) G Vf. The result 
is (partially) depicted in Fig. Each bullet represents the (relative) position of 
a root, given by a triangular system (where the degree of the polynomial is not 
represented for clarity). In the table, the line labeled by P gives the P-encodings 
of the roots. 


Ii=Xi 

I2=X2 

A = Xf - Xi - 1 
B = (2Ai - 1)X| - 1 
C = X2 + Xi-5 
D = 2Xi-l {= lcof{B)) 

P = X? -5 (= sResQ{l2,C)) 

F = -2X1 + Xt + 20X? - lOX? - 50Xi -t 26 (= sReso{B, C)) 

G = 4(2Xi - if (= sReso{B, B')) 

Int = -14Xi® -h 18Xf 105Xt - 124Xi^ - 180X? 172Xi 24 (= (PA)') 

Pi = {/i,A,P,P,P,G} V2 = {l2,B,C} 

Table 1. Polynomials used in the cylindrical decomposition. 



a,E) 

(1,A) 

(1,P) 
(l,/i) (TG) 

(4, Int) 

f,F) ; (2, A) 

(2,P) 

(2,P) 

(3,P) 


-V5 

1-v4i 

2 

0 i 

2 

l + l/5 

2 




h 

(-1,1) 

(-1.1) 

(0.1) (1.1) 

(1,1) (1.1) 

(1.1) 

(1.1) 

(1.1) 

A 

(1,-1,1) 

(0,-1,1)(-1,-1.1)(-1.0.1) 

(-1,1,1) (0,1,1) 

(1.1.1) 

(1.1.1) 

(1.1.1) 


D (-1,1) 

P : (-1.-1.1) 

p (1,1,-1,1,1,-1) 

G (i,-i.i) 

Fig. 5. Partition of R according to Pi and Thom encodings. The scale is not accurate. 


Example 3.43. We can now complete the line built above by computing sample 
points corresponding to intervals between consecutive roots (Algorithm |11[). For 










instance to compute a sample point at the left of (!,£’) = —V5, one can choose 
— 1 —>75 which is the first root of H = (X +1)^ — 5 (i.e. E where X is replaced by 
X + 1). In order to compute a value between (1, F) and (2, A), we consider the 
polynomial Int = {FA)' = -14X^+18X1+105X^-124X^-180X^+172X1+24. 
Computing the F-encodings of roots of Int gives the number k of roots of Int 
smaller than or equal to (1,F). Taking the k + 1th root of Int yields a root 
greater than (1, F). The value {k + 1, Int) is smaller than (2, A) (since one such 
root exists). Here, one can show that the appropriate root is the 4th. Hence 
the sample point {4, Int) written ai is added to the line in order to represent 
interval ](1,F), {2,A)[, as depicted by the empty bullet on Fig. In addition, 
for all polynomials P of Vi, the P-encoding of {4, Int) is computed: the first 
component yields the sign of P in the interval. Namely: 

Ii{oii) + 0 A{cx\) < 0 D{ci\) + 0 

E{ai) < 0 F{ai) < 0 G{ai) > 0 

Remark that this interval corresponds to the one where transition a of Fig. is 
fired in the trajectory of Fig. 

Sample points (and their encodings) for all intervals should be computed and 
added to the line. This is omitted for readability. 

Example 3.44- We illustrate the lifting (Algorithm]^ to for the interval rep¬ 
resented by the sample point (4, Int) built above. In this case, one must partition 
the real line with roots of polynomials of 'P 2 = {I 2 , B, C} when Xi = ai. Note 
that Ii and A are constants. 

In the computation of the P 2 -encodings, the Pi-encodings of ai are used, 
in particular the encodings of polynomials constructed in the elimination phase. 
For example, since D{ai) > 0, the leading coefficient of B is positive, hence B 
has two roots. And since E{ai) < 0, the root of C{ai) is positive (greater than 
the root of 12 ). Finding that all the roots of B{ai) are smaller than 7 the root 
of C'(ai) involves not only the sign of F{ai) (which only shows that 7 is not 
between the roots of B{ai)) but additional components of the encoding, namely 
in this case the sign of the second derivative of F. This is partially represented in 
Fig. (again, the degrees of the polynomials are omitted). Note that this lifting 
corresponds to the trajectory depicted in Fig. § page[g 

4 Verification algorithms for PolITA 

We now use the cylindrical decomposition to build a finite abstraction of the tran¬ 
sition system associated with a PolITA. The model checking problem (hence 
also the reachability problem) can be solved with this abstraction. An on-the- 
fly construction is then given to produce a more efficient practical algorithm. 
Formally, we prove the following: 

Theorem 4.1. The model ehecking problem of TCTLint over PolITA is decid¬ 
able in time (|A| • • d)^ where n is the number of clocks in A and d the 

maximal degree of polynomials appearing in A and ip. 


X 2 

«■ (1,C7) 


0 

(1,-fi) (1,^) 

( 1 ,G) 


(2,B) 


( 1 .^) 

(4, Int) 

( 1 ,^ 2 ) 


«■ (1,B) 


(2,F) 


Fig. 6. Line partitioning for X 2 above ai = (4, Int). 


4.1 Abstraction construction 


Let A — {S,Q,qo,F,X,X,A) be a PolITA with X = {xi,..., a;„}. We de¬ 
fine Poly{A) the set of all polynomials appearing in guards and updates of A 
(including all clocks) as follows: 


Poly{A)=X\J U = ol 

{q,g,a,u^q')GA \\i i ) 

( Ti n 

u= /\xi-.= Pi 


Given a TCTLint formula ijj, we define Poly{^p) the set of all polynomials appear¬ 
ing in ijj, i.e. in subformulas of the form P ixi 0. Note that in the case of the 
reachability problem, Poly{tp) = 0. 

Let Vji.ip be the cylindrical algebraic decomposition adapted to Poly{A) U 
Poly{ip) and X. Since is adapted to X, the cells can be arranged in levels 

y,,..., P )4 such that for 1 < j < n, Ufe=i '^a v> ^ CAD of As 

a result, the projection of a cell of level i over the axis Xi = 0 yields a cell of 
level i — 1. 

We define TZa,iP the finite transition system with states in Q x T>A,iij specif¬ 
ically, they can also be arranged by layer, with respect to the level of the state: 

X Indeed, given a configuration {q,v) with X{q) = k, the se¬ 

mantics of PolITA require that for fc < i < n, v{xi) = 0, hence v belongs to a 
cell of We now define the transitions of as follows. 


Time successors. Let succ ^ P be a letter representing time elapsing. Let 
(g, C) be a state of with X{q) = k, and let C G P^”^ be the projection of 

C onto and — 00 = /o < • • • < fr+i = +00 be the functions dividing C as 
in Definition 13.21 The succ transitions are defined as follows: 







— ii C = {{x, fi{x)) \ x € 0} for some i € {1,..., r}, then there is a transition 

{q,C) ( 9 ,C") where C = {{x,y) \ x S C,fi{x) <y < /i+i(a;)}; 

— if C = {{x,y) I X G C,fi-i{x) <y < Mx)} for some i G r}, then 

there is a transition {q, C) (g, C) where C = {{x, fi{x)) \ x G C}; 

— otherwise, C = {(a;, y) | cc G C, fr{x) < y < fr+i{x)}, and there is a self-loop 

labeled by succ: {q,C) {q,C). 

In all the above cases, C" is called the time successor of C (in the last case, C 
is its own time successor). 

Proposition 4.2 (Correctness w.r.t. time elapsing). Let v be a valuation 
of a cell C of level k. 

— There exists d > 0 such that the elapsing of d time units for x^ yields a 
valuation v +k d G C, the time successor of C. 

— For any Q < d' < d, the elapsing of d' time units for Xk yields a valuation 
V +k d that is either in C or in C. 


Proof. We again distinguish the possible cases for C: 

— If C = {(a:, fi{x)) I a; G C} for some i G {1,..., r}, then the time successor 
C = {(a:, y) I a; G C, f^{x) <y < f,+i{x)}. Then v = {x, fi{x)). By elapsing 

units in level k, one clearly obtains a valuation of C". 
Moreover, for every inferior delay d', v +k d' is also in C. 

— If C = {(a;, y) I a; G C, /i_i(x) < y < fiix)} for some i G {1,..., r}, then 
C' = {{x,fi{x)) I a; G C}. Then v = \x,y) with f^-i{x) < y < fiix). By 
elapsing fiix) — y time units in level k, one clearly obtains a valuation of C'. 
Moreover, for every inferior delay d', v +k d' remains in C. 

— Otherwise, C = {(a:,y) | x G C_, frix) <y < fr+iix) = -foo}, and any time 

elapsing for Xk keeps the valuation in C. □ 


Discrete successors. Since Pa, ip is adapted in particular to PolyiA) which 
contains all guards, we have the following result: 

Lemma 4.3. Let C G Pa,iIi be a cell of the aforementioned CAD. Let v G C be 
a valuation. Then for any v' G C and for every guard ip appearing in A, v' \= p 
if, and only if, v \= p. 

Hence we can write C \= p whenever v \= p and v G C. 

Moreover, for every update Xi := Pi there is a polynomial Xi — Pi in PolyiA), 
which has value 0 if and only if Xi = Pp, a.s a. result: 

Lemma 4.4. Let C G D\ ^ be a cell of level k, C be the projection of C onto 
and —oo = fo < ■ ■ ■ < fr+i = +oo be the semi-algebraic functions dividing 
C as in Definition \3.^ Let u be an update of the form Xk ■= P for some poly¬ 
nomial P G Q[xi,..., Xk-i]. Then there exists an index i G {1,..., r} such that, 
over C, fi = P. 






As a corollary, there exists a unique cell C G ^ such that for any valuation 
V G C, u [ m ] G C, namely C = {(a;, fi{x)) \ x G C}; which can be written C[u]. 

Discrete transitions of A are translated as follows into TZA,tp- if {q, '•P, a, u, q') G 
A and C \= p, there is a transition (g, C) A (q', 

Proposition 4.5 (Correctness w.r.t. discrete steps). 

— If iq,v) A- {q',v') G Ta, then {q,C) A {q',C') G TZa with v G C and 
v' G C. 

— If {q,C) —> {q',C') G TZa then for all v G C there exists v' G C such that 
{q,v) A iq\v’) G Ta- 


Proof. 

— First, {q,v) A {q',v') G Ta implies that there is a transition {q,(p,a,u,q') 
such that V \= p and v' = u[m]. By Lemma 4.3 we have that C |= p. In 
addition, we have by Lemma 4.4 that v' = u[u] G C[u]. By the definition of 
TZa, in there is a transition {q, C) A {q', C[u]) G TZa,^. 

— Transition {q,C) A {q',C') G TZA,i> only exists because of a transition 
(q, Lp, a, u, q' )A, and we have C = C[u]. Let v G C. Since C |= by 
Lemma 4.3 we have that v \= p. Hence there is a transition (q, v) A 
{q',v[u]) G Ta- By Lemma [4^ u[u] G C[u], which concludes the proof. □ 


Example 4-6- Part of this abstraction for deciding reachability in PolITA Aq 
(Fig.0 page[^ is depicted on Fig. In this figure, points are given by the tri¬ 
angular system representing them. Computations of sample points for intervals 
between roots where omitted, and only appear in the graph as roots of deriva¬ 
tives. Note that having no a edge from state gojl)(5,/nt) is not an omission, 
but a consequence of the guard x\ < Xi + 1 no longer being satisfied. In this 
graph, C+ is the polynomial obtained when replacing X 2 by X 2 — I in C. Faded 
states and transitions are unreachable but are nonetheless constructed from the 
decomposition. 


Labeling with atomic propositions. Finally, we translate a comparison P ixi 
0 in ■;/; into a fresh atomic proposition ppixio and label TZA,ii as follows. Note that 
since VA.ii is in particular adapted to Poly{'ip), every cell C of 'Da,^ is sign- 
invariant for P, hence the truth value of P to 0 is constant in C. As a result, 
it makes sense to write C ^ P to 0 whenever P to 0 for some v G C, and 
proposition pp^o is true in every state {q, C) where C ^ P to 0. We write if the 
formula where each P to 0 has been replaced by pptxo- 

Proposition 4.7. A\= tjj if, and only if, TZa .b h V'- 

Note that ^ is a CTL formula, which can be checked with the usual polynomial 
time labeling procedure. Since the number of cells in a cylindrical decomposition 
is doubly exponential in the number of clocks and polynomial in the number 
and maximal degree of polynomials to which it is adapted [B], we obtain the 
complexity stated in Theorem |4.1[ 






y 


Fig. 7. Partial depiction of TZaq ■ 

Dashed edges correspond to time successors sttcc; faded states are unreachable. 












4.2 On-the-fly algorithm 


Propositions |4.2| and |4.4| provide decidability of the model checking problem, by 
the algorithm that builds the finite graph Ti-A,Tp verifies that '0 is satisfied in this 
graph. 

However, building the complete graph is not efficient in practice, since it 
requires to build the set of all cells beforehand. In the sequel, we show an on- 
the-fly algorithm that builds only the reachable part of This algorithm 

would not, for example, build the faded states of R-Ao in Fig-0 

The key to the on-the-fly algorithm is to store only the part of the tree corre¬ 
sponding to the current sample point and its time successors. This construction 
is akin to what is done in Fig. where only the line partitioning for X 2 above 
the current sample point is computed by the lifting phase, while line partitioning 
above, for, say, sample point (1, F) is not computed. As a result, we do not keep 
the whole tree but only part of it. 

We show that this information is sufficient to compute the successors through 
time elapsing and transition firing. Nonetheless, remark that although this prun¬ 
ing yields better performances in practice, the computational complexity in the 
worst case is not improved: the line partitioning at the first level already requires 
doubly exponential time, since the elimination phase is required. 


Definition 4.8 (Pruned tree). Let {Vk^k^n be the polynomials obtained by 
the elimination phase. The pruned tree for sample point (ai ,... ,ak) is the se¬ 
quence of completed line partitionings for sample points {(oi,..., ai)}i<i</c- By 
convention, the pruned tree for the empty sample point (k = 0) is the line par¬ 
titioning at level 1. 


Given a clock valuation (ui,..., Ufc, 0,..., 0) at level fc, it can be represented 
by a sample point (oi,..., a^), or, equivalently, by a pruned tree for sample point 
(oi,..., Ofc-i) and the index m of ock in the line partitioning for (oi,..., ak-i). 
In this representation, computing the time successors of (oi,... ,(Xk) is simply 
done by incrementing m (if it is not the maximal index in the line partitioning). 
Note that in this algorithm we do not loop on the rightmost cell; although it is 
convenient to assume in TZa that a time successor always exists, it has no effect 
regarding the reachability problem. 

The set of enabled discrete transitions can be generated by computing the 
signs (see Algorithm page 271 of polynomials appearing in guards. When a 
discrete transition q q' is chosen, several cases should be distinguished 

with respect to the level of states q and q'. 


— If the level decreases, i.e. X{q') < X{q). Then the pruned tree corresponding 
to the new configuration is only the topmost-part of height A(g') of the 
original pruned tree. Otherwise said, we “forget” line partitionings for levels 
above X{q')] however, the partitionings can be kept in memory in order not 
to have to recompute them later. The new index is the index of Q;a(ij') in the 
partitioned line for this level. 





— If the level doesn’t change, i.e. X{q') = X{q) = k. The only way to change the 

clock values is through an update Xk '■= P with P G Q[Xi,... ,Xk-i\. Then 
the polynomial of degree 1 R = — P was added to Poly{A) and its unique 

root a'j. appears in the line partitioning of level Note that in the triangular 
system representing (ai,..., a'j.) it may appear as ... (1, R) or some other 
equivalent value, hence to determine the index in the partitioned line the 
algorithm must actually determine the sign of R for all sample points of the 
line until 0 is found. 

— If the level increases, i.e. X{q') > X{q). First there can be an update of 
Xk, hence the same computations as above must be performed in order to 
find the new sample point corresponding to the valuation of clocks up to 
X{q). Then the pruned tree of height X{q') has to be computed. This is 
done by X{q') — X{q) lifting steps (Algorithm page E- Since all clocks 
remain null for levels above X{q), the sample points given as inpulj^ are 

(cTi,..., 0,..., 0). 


Now the on-the-fly algorithm works as follows: 

— Compute sets of polynomials {'Pi}i<n by the elimination phase. 

— Compute the completed line partitioning at level I. 

— Start at a the initial state. If the level of the initial state is fc > 1, proceed 
with fc — 1 lifting phases as in the case of level increase. Add this state in a 
queue. 

— Until the queue is empty: 

• Compute the list of fireable discrete transitions and whether time suc¬ 
cessor is allowed. 

• Add all new successors through a fireable discrete transition or a time 
step to the queue. 

— Apply the model checking algorithm on this graph. 

A note on efficient memory usage As noted above, a line partitioning only 
needs to be computed once. In addition - and this also holds for the complete 
construction of 'R-a,tP the triangular structure of triangular systems enables a 
sharing of line partitioning at lower levels. Thus the size of the graph in memory 
is at most the size of the complete tree of the decomposition added, and not 
multiplied, by the number of states of the PolITA. 

5 Expressiveness and extensions 

We finally focus on expressiveness of PolITA. After comparing this class with 
stopwatch automata, we show how to extend it while keeping decidable the above 

^ Although the actual input of the algorithm are triangular systems, assuming we 
have the system T for (oi,..., ax(q)), the subsequent triangular systems are T U 
(1Wa{9)+i) • ■ • ■ 



verification problems. For sake of clarity, in section we have presented a ba¬ 
sic model of PolITA. Here we show how to add three features consisting in: 
( 1 ) including parameters in the expressions of guards and updates, ( 2 ) associ¬ 
ating with each level a subset of auxiliary clocks, and (3) allowing to update 
clocks of lower levels than the current one. Since in the context of ITA, the hrst 
two extensions have already been studied in and the third one in HO] , our 
presentation will not be fully formalized. 

5.1 PolITA vs Stopwatch automata 

By syntax inclusion, PolITA are at least as expressive as ITA. As a direct 
consequence, there exists a timed language accepted by a PolITA that is not 
accepted by a TA [5]. 

There exists a timed language accepted by a timed automaton that is not 
accepted by any PolITA as presented above (the proof is a direct adaptation 
from the one proving said language is not accepted by an ITA [lO]), although it 
is accepted by the extension with auxiliary clocks provided below (Section 

The class of stopwatch automata (SWA), which also syntactically contains 
the class of ITA, is however incomparable to PolITA. 

Proposition 5.1. There exists a timed language accepted by a PolITA with a 
single clock that cannot be accepted by a stopwatch automaton. 

The proof of the above proposition relies on a lemma about runs accepted 
by a SWA. Recall that in a stopwatch automaton, each clock can be active or 
inactive in every state. Also recall that updates are restricted to reset^a: := 0 
and guards are comparisons to a rational constant]^ In the remainder of the 
section, we use +q to denote addition only on stopwatches active in q. 

Lemma 5.2. Let p = {q^, vq) {qo, vg +qg Sq) > {qi,vi) • • • be a run in 

a stopwatch automaton. Then there exists p' = {qg,vg) (qg^vg -1-^^ Sg) 

{qi,vi) ■ ■ ■ taking the same discrete transitions as p such that Vz, Si € Q. 

Proof. We assume that stopwatches are never reset throughout the run. This 
can be done since one can assume that a reset stopwatch is actually a fresh one. 
Consider the linear system with a variable Si per delay and rational coefficients 
which corresponds to all guards appearing after qk- We write 


1 if a: is active in qi 
0 otherwise 


For each stopwatch x, we add the constraints 



® It is possible to simulate affectations to rational constants, but it does not change 
expressiveness of the model. 

® Again, diagonal constraints x — y >3 c for c € Q can be simulated. 





Note that since guards have rational coefficients, this system has rational coeffi¬ 
cients. In addition since p is an accepted run, this system has a solution (Jq, ...). 
Also note that for every solution (5')i, replacing each delay Si with 5' in p still 
yields a valid run p', since all guards are still respected. The set of solutions of a 
linear system with rational coefficient is a rational polyhedron, so the projection 
over each variable yields an interval with rational endpoints (or — oo or -l-oo). 
If for some i. Si is irrational, the interval cannot be reduced to a point, so it 
contains an open set around Si, in which there is a rational Therefore, there 
exists a solution ((5')j S and p' is a run with rational delays. □ 


Proof (Proposition \5. l\ l . Consider PolITA of Fig. which accepts the timed 
language C containing the single word (a, 1)(6, v^). Assume £ is accepted by a 


stopwatch automaton Ac- Let p = {qo,vo) (qoiVo +qg Sq) 


g,ai,u 


> iqi,vi) 


be a run accepting (a, 1)(&, v^). Note that some a^s may actually be £. Since 
b occurs at an irrational instant, there is at least an irrational delay before 
the occurrence of b. By Lemma 5.2 p' the run where all delays are rational is 


also accepted. Therefore the instant of b in p' is rational and cannot be v^- 
Furthermore any time rescaling for C does not change this result since either a 
or b is taken at an irrational instant. □ 



Fig. 8. A PolITA whose timed language is not accepted by a stopwatch automaton. 


On the other hand, the (untimed) language of a PolITA (and the extensions 
of Section^ is regular, as shown by the construction of a finite abstraction of Ta 
in Section ]^ It is not necessarily the case of (untimed) languages of stopwatch 
automata p2l2j . hence there are some timed languages accepted by a SWA that 
are not accepted by any PolITA. 

5.2 Parameters 

Getting a complete knowledge of a system is often impossible, especially when in¬ 
tegrating quantitative constraints. Moreover, even if these constraints are known, 
when the execution of the system slightly deviates from the expected behavior, 
due to implementation choices, previously established properties may not hold 
anymore. Additionally, considering a wide range of values for constants allows 
for a more flexible and robust design. Introducing parameters instead of con¬ 
crete values is an elegant way of addressing these three issues. Parametrization 
however makes verification more difficult. For instance, in timed automata, al¬ 
lowing a single clock to be compared to parameters leads to undecidability of 
the reachability problem pT| . 






Suppose that we enlarge PolITA allowing expressions to be polynomials 
whose set of variables is the union of a set of clocks {xi,, Xn} and a set of pa¬ 
rameters {pi,... ,pk}. Then we consider the cylindrical decomposition where the 
order of variables is pi,... ,pk,xi,..., Xn- Now assume that the relevant values 
of parameters are specified by a first-order formula val. Then using the cylin¬ 
drical decomposition, we can answer reachability questions like “for all pi ■ • • Pk 
satisfying val, is q reachable?” or safety questions like “for all pi - ■ -pk satisfying 
val, is q unreachable?”. 

5.3 Auxiliary clocks 

With each level i, one may associate a set of auxiliary clocks Yi in addition to the 
main clock Xi. Since there are multiple clocks for some level i, in this PolITA, 
with every state of level i, is associated an active clock among Xi = {xi} U Yi, 
specifying which clock evolves with time in this state. Auxiliary clocks may be 
used in a restrictive setting w.r.t. the main clocks to influence the behavior of 
the PolITA. Let us detail these restrictions: 

— In a guard of a transition outgoing from a state at level i, among auxiliary 
clocks only those of the level i may occur and they are only be compared 
between them or with the main clock (i.e. z txi z' with z, z' € Xi); 

— In a transition outgoing from state at level i, an auxiliary clock of level i 
may be updated by another clock of level i (i.e. y := z with y G Yi and 
z G Xi) while the main clock may be updated by an auxiliary clock only 
if the destination state of the transition is also at level i (i.e. Xi := y with 

y G Y,). 

The decision procedure works as follows. The cylindrical decomposition does not 
take into account the auxiliary clocks. However the definition of a class specifies 
in which interval of level i lies any clock of level i and their relative position for 
clocks inside the same interval. 

Adding auxiliary clocks strictly extends expressiveness of PolITA w.r.t. 
timed languages. It was shown in m that the language 

L = {{a,ti){b,t 2 ) ■. ■ {a,t 2 p+i){b,t 2 p+ 2 ) | P G N, 

VO ^ i ^ Pj ^2i+l — ^ H“ 1 O-Ild. i “h 1 <C ^2i+2 ^ H” 2, 

VI < i < p, t2i+2 — t2i+l < t2i — t2i-l} 

is not a language of an ITA. The proof also holds for PolITA since it is only 
based on the following hypotheses: ( 1 ) there is a single clock per level, ( 2 ) at 
level i, the behavior is only determined by the current state and the values of 
clocks at levels less or equal than i, and (3) the clock Xi is null at level j < i. 

The untimed language of L is (ab)^. In the accepted timed words, there is an 
occurrence of a at each time unit and the successive occurrences of b come each 
time closer to the next occurrence of a than previously. Consider the PolITA of 
Figure]^ with a single level and single final state q 2 . The main clock x is active 
in all states and y is an auxiliary clock. It is routine to check that the timed 
language of this automaton is L. 


X = l,a,x ~ 0 



X = 1, a, X ~ 0 


0 


0 < X < l,b,y := X 



y < X < l,b,y := X 


Fig. 9. A PolITA with a single level and an auxiliary clock 


5.4 Allowing more updates 

At level i, the value of a clock of level j < z is relevant. So it is interesting to 
allow updates of such a clock. Again for keeping decidability, such updates have 
the following restrictions: 

— At level z, the main clock of level j < i can only be updated by a polynomial 
of the main clocks of level less than j: Xj := P{x\, ..., 

— At level z, an auxiliary clock of level j < i may be updated by a clock of 
level j: y := z with y GYj and z G Xj. 

The decision procedure for this extension consists in translating the extended 
PolITA in a PolITA with the same behavior by at level z: (1) delaying the 
update of clocks of level j < i that should have been done until the current level 
becomes j and (2) duplicating the states by memorizing the current value of 
such a clock as an expression of the values of the clock when the level j was left. 
Guards and updates outgoing from a duplicated state are modified to take into 
account these expressions. 

Let us illustrate this transformation on the PolITA of Figure that is 
transformed in the PolITA of Figure [m The original clock has only main 
clocks and the level of the state is indicated inside the state. In the transformed 
state the superscript ’+’ means that this corresponds to a state of of the original 
ITA ready to be simulated while the superscript indicates that the delayed 
updates have to be performed. Let us start with the transition outgoing the 
state qo, the update of xi is delayed but memorized in the state := 2’. 

The transition outgoing from this state corresponds to the transition outgoing 
from q 2 but in the guard the occurrence of Xi has been substituted by 2. With 
this transformation, the update becomes X 2 ■= 5 but since we are at level 3, 
this update is memorized in state ^q^,xi := 2,X2 '■= 5’. The transition from q^ 
at level 3 to ga at level 2 is split in two transitions in the simulating PolITA. 
First we enter state ‘q^,xi := 2,X2 ■= 5’ at level 2 where the active clock is 
an auxiliary clock of level 2, z/ 2 - Then in null time due to the guard we perform 
the delayed update of X 2 , still memorizing the update of Xi and enter the state 



6 Conclusion 

We extend Interrupt Timed Automata with polynomial expressions on clocks, 
and prove that reachability and model checking of some timed temporal logic 






Fig. 10. A PolITA containing extended updates of clocks 



Fig. 11. A PolITA equivalent to the PolITA of Figure 


are decidable using the cylindrical decomposition. We also show that an on- 
the-fly construction of a class automaton is possible during the lifting phase of 
this decomposition. We establish that PolITA and SWA are incomparable and 
provide some additional interesting features to the model. In order to experi¬ 
ment the practical complexity of the decision procedures, an implementation is 
in progress. Since the current construction still requires the full complexity of 
the cylindrical decomposition, we plan for future work to investigate if recent 
methods |14ll9j with a lower complexity could be used to achieve reachability, 
possibly for a restricted version of PolITA. 
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